Help needed on IE6 after attack of ibm00003 virus

  • Thread starter Thread starter Simple Guy
  • Start date Start date
Yes, first time I saw you post it - assuming it *is* the one you posted
before (I don't let little pissflaps like you provoke me, so haven't
followed the link this time - I already know your pattern you pathetic
little pervert) - I realised it was just more Butthead unimaginative
unoriginality. Now, of course, I've seen the other libels you post (oh yes,
*anonymously* rofl!) and I realise the picture fits your pattern -
sexually-perverted pictures of males, including those of bestiality and
torture.

For US authorities:

pcbutts1 appears to fit the profile of a potential danger to young boys. Any
young boys who are missing, pcbutts1 should be considered a suspected
abductor of.

If, in the unlikely event you'd need to go trans-Atlantic to check pictures
pcbutts1 has posted to the internet, feel free to examine my computer. I, of
course, did not save them after following his anonymously-annoying links,
but I know you can recover them nonetheless.

Shane Beatson, United Kingdom, 21/01/06
 
To Simple Guy

pcbutts1 is a self-implicated pervert who posts not to help people but -
presumably - to profit from people clicking his links, and to anonymously
annoy - because he is that sad, inadequate kind of individual who feels
empowered doing so - newsgroup regulars, none of whom want hjt logs posted
here (they clog the groups and - among other reasons - are why there are
special forums for posting them to).

pcbutts1 is probably the most evil individual you are ever likely to meet
posting on the internet.

By the way, all this information is stored on Google - the links he has
posted to pictures of homosexual perversion, under the thinly-veiled pretext
of attempting to discredit those who oppose him.

I am currently profiling pcbutts1 with the intent of either prompting US
authorities to arrest and prosecute him, or to see if his behaviour is
permitted in US Law and, if so, they are proud of it.

Shane
 
Heather said:
Oh....so calling me that was *nice*....lol. Considering the vile website
you have, I suppose it is. Trying to decide if you are just mentally
challenged or 85 years old, because your continual use of that word is so
terribly passé.

Quote....the program is clean, the downloadable database is
not.....unquote. Idiot.....it has a ton of small viruses or trojans that
will only bother those who download pirated programs. At least you are
familiar with those, seeing as you steal other people's programs and try
to palm them off as your own. PLAGIARIST!! THIEF!!

I won't lower myself to your vulgar level with the usage of common foul
language. You have the IQ of a gnat!!

Funny that, isn't it Figgs! At first glance he looks more intelligent than
Sooooge - criminal rather than merely impotent. But it is plain -
eventually, anyway - that he is just the standard low-brow.


Shane
 
pcbutts1 said:
This whole line needs to be removed "F2 - REG:system.ini: Shell=explorer.exe
"C:\Program Files\Common Files\Microsoft Shared\WebFolders\ibm00003.exe"
along with everything I mentioned.

no it doesn't !

"simple guy" posted he has windows xp service pack 2.

system.ini is not interpreted by windows 2000, windows xp and windows
20003 server.

The OS loads the system "shell" via the winlogon shell section key of
the registry.

your suggestion will not help simple guy you are wasting his time and
you are just a troll as everyone say you are.
 
F0 corresponds to the Shell= statement in System.ini. The shell = statement
in the system.ini is used in Windows 9X and below (ME use this as well?) to
designate what program would act as the shell for the operating system. The
Shell is the program that would load your desktop, handle window management,
and allow the user to interact with the system. Any program listed after the
shell statement will be loaded when Windows starts, and act as the default
shell. There were some programs that acted as valid shell replacements, but
they are generally no longer used. Windows 95 and 98 (Windows ME?) both used
Explorer.exe as their shell by default. Windows 3.X used Progman.exe as its
shell. It is also possible to list other programs that will launch as
Windows loads in the same Shell = line, such as Shell=explorer.exe
badprogram.exe. This line will make both programs start when Windows loads.

F1 corresponds to the Run= or Load=entry in win.ini . Any programs listed
after the run= or load= will load when Windows starts. This run= statement
was mostly used during the Windows 3.1, 95, and 98 years and is kept for
backwards compatibility with older programs. Most modern programs do not use
this ini setting, and if you do not use older program you can rightfully be
suspicious. The load= statement was used to load drivers for your hardware.

F2 and F3 entries correspond to the equivalent locations as F0 and F1, but
they are instead stored in the registry for Windows versions XP, 2000, and
NT. These versions of Windows do not generally use the system.ini and
win.ini files. Instead of backwards compatibility they use a function called
IniFileMapping. IniFileMapping, puts a all the contents of a an .ini file in
the registry, with keys for each line found in the .ini key stored there.
Then when you run a program that normally reads their settings from an .ini
file, it will first check the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping, for an .ini mapping, and if found will
read the settings from there instead. You can see that this key is referring
to the registry as it will contain REG and then the .ini file which
IniFileMapping is referring to.

Another entry commonly found in F2 is the UserInit entry which corresponds
to the key HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Userinit which is found in Windows NT, 2000, XP
and 2003. This key specifies what program should be launched right after a
user logs into Windows. The default program for this key is
C:\windows\system32\userinit.exe. Userinit.exe is a program that restores
your profile, fonts, colors, etc for your username. It is possible to add
further programs that will launch from this key by separating the programs
with a comma. For example: HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Userinit
=C:\windows\system32\userinit.exe,c:\windows\badprogram.exe. This will make
both programs launch when you log in and is a common place for trojans,
hijackers, and spyware to launch from. A statement like Shell=Explorer.exe
something.exe, then you should definitely delete it. For F2, if you see
UserInit=userinit.exe, with or without nddeagnt.exe, as in the above
example, then you can leave that entry alone. If you see F2 Shell =; if you
see explorer.exe by itself, it should be fine, if you don't, as in the above
example listing, then it could be a potential trojan or malware. When these
entries are fixed HijackThis does not delete the file associated with it.
You must manually delete these files.


--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
 
Funny that, isn't it Figgs! At first glance he looks more intelligent
than Sooooge - criminal rather than merely impotent. But it is plain -
eventually, anyway - that he is just the standard low-brow.
Hi Shane.....

Yes, I agree. Decidedly a very low-class individual. Particularly in
regard to his gross, ignorant websites.

How ya doing, old sock?? Got Bonnie up and running yet?? And how is
your hand?

Cheers.....Figgs
 
Thisd evening I scanned my home computer with all the common antivirus,
antspyware, antimalware - free and store bought. After updating,
scanning, deleting files and rebooting everything seemed fine. The
entry regarding ibm00003.exe is gone. May be some persons have finally
read my posting in specialised forums like humha, spybot, etc and
finally fixed their updates to their softwares. Thank you everyone for
your help, time and effort.
 
Heather said:
Hi Shane.....

Yes, I agree. Decidedly a very low-class individual. Particularly in
regard to his gross, ignorant websites.

How ya doing, old sock?? Got Bonnie up and running yet?? And how is your
hand?

Haven't even touched the ol' gel yet, Heather. Too much quite possibly
irreplaceable stuff to risk dropping. I'm beginning to be able to contract
the fingers far enough to where a grip may be possible, but definately not a
fist. It's going to be months yet, and is becoming ever more apparent I'll
never have the full use back.
Cheers.....Figgs

You too, Sweetie. Thanks for asking.

Shaen
 
Back
Top