Re: Remove-it Update.

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
says...
Quoted text here. Click to load it

Pick any 5 items from the stolen batch file and tell the world what they
remove, since you can't do that, since you don't have a clue what they
remove, you won't be able to tell anyone...


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Remove-it Update.


| There you go, you can name the keys/lines that remove those items, you
| know you can't cause you didn't write the batch file and you don't know
| crap about them... I said you would not be able to identify even 5 keys,
| and you just proved you can't.


Even that which he did create ain't worth shit.  He puports that Remove-It
"removes" the
TDSserv RootKit.  That batch file in Remove-It ...

   attrib -h -r -s "%systemroot%\system32\TDSSxfum.dll"
DEL /F /Q "%systemroot%\system32\TDSSxfum.dll"


attrib -h -r -s "%systemroot%\Temp\*.*"
DEL /F /Q "%systemroot%\Temp\*.*"


attrib -h -r -s "%systemroot%\system32\TDSSlxwp.dll"
DEL /F /Q "%systemroot%\system32\TDSSlxwp.dll"




attrib -h -r -s "%systemroot%\system32\TDSSkkbi.log"
DEL /F /Q "%systemroot%\system32\TDSSkkbi.log"


attrib -h -r -s "%systemroot%\system32\drivers\TDSSpqlt.sys "
DEL /F /Q "%systemroot%\system32\drivers\TDSSpqlt.sys "


attrib -h -r -s "%systemroot%\system32\TDSSlxwp.dll"
DEL /F /Q "%systemroot%\system32\TDSSlxwp.dll"

Is EXTREMELY limited in scope and does not target the full array of the TDSServ
RootKit
variants and is completely insufficient to deal with a RootKit.

A BAT files runs under the context of the user.  This is a hidden service
RootKit with
kernel level access to the OS.  The Command Interpreter can't/won't touch any of
the
files, it won't even see the files and it certainly will not "remove" it.




--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Remove-it Update.

says...
Quoted text here. Click to load it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HomeAntivirus2009
Quoted text here. Click to load it

You really are stupid, that's not all that is in the batch file, there
are ones that are not obvious, you know, things that don't exactly spell
out the name of the malware - any idiot like you can pick the ones that
are clearly named, but you can't tell anyone what they ones that are not
clearly named do....


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Remove-it Update. Butts showing he didn't create the code

spam999free@rrohio.com says...
Quoted text here. Click to load it

Well, as you can all see, PCBUTTS1 has avoided answering the question
about any 5 keys/entries in his code, except for the ones that ANYONE
could identify.... He's show that he doesn't understand the code and
doesn't actually understand malware detection....

Here are two very easy keys, bet he can't tell us what they represent:

Example 1: popupgo.dll
Example 2:
Example 3: amecemosu._sy

Lets see Chris waffle on this one....


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Remove-it Update. Butts showing he didn't create the code

says...
Quoted text here. Click to load it

And yet you've been proven, by your own actions, to be stalking myself
and others - your every Usenet post, your blog, your creating a domain
name in my name.... Seems that you are the one stalking, not me.

Stop stalking me and making yourself look worse in each post.



--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Site Timeline