Warning! nasty one

pcbutts1

I've seen this thing change group policy, expire passwords and modify the
boot.ini. Warning Newbies don't go here or you will be asking for help to
get rid of it. 64_201_199_24 it arrives in email claiming to be a youtube
video. Dustin you like shit like this have fun.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
 
Bart Bailey

I've seen this thing change group policy, expire passwords and modify the
boot.ini. Warning Newbies don't go here or you will be asking for help to
get rid of it. 64_201_199_24 it arrives in email claiming to be a youtube
video. Dustin you like shit like this have fun.

F-Prot sez:
VIDEO.EXE Infection: Possibly a new variant of
W32/Fathom.3-based!Maximus
 
Andy Walker

jen said:
Storm of the Day, Now with YouTube:
http://isc.sans.org/diary.html?storyid=3321

-jen

The article doesn't mention it but the IP addresses in the malicious
links are infected zombie computers located all over the world. I
haven't yet seen two the same in all the samples I've collected,
although it is clear that infected computers can send out numerous
emails.

The F-Secure weblog has been pretty good at keeping up on the new
variants http://www.f-secure.com/weblog/
 
Clark

pcbutts1 said:
I've seen this thing change group policy, expire passwords and modify
the boot.ini. Warning Newbies don't go here or you will be asking
for help to get rid of it. 64_201_199_24 it arrives in email claiming
to be a youtube video. Dustin you like shit like this have fun.



I can't wait for my customers to Click it !!!

Cha Ching!!!


Clark
 
/Tx2

On Mon, 27 Aug 2007 17:54:18 -0400 Clark
from the village of (e-mail address removed)
felt we might be interested in the following...

I can't wait for my customers to Click it !!!

Shouldn't your customers have adequate anti-virus/malware software in
place though?

Cha Ching!!!

nuff said. Clearly someone who only pretends to be knowledgeable of
computers and security in order to cash in on their own incompetence
when their 'victims' have been misled.

Please die.
 
Clark

/Tx2 said:
On Mon, 27 Aug 2007 17:54:18 -0400 Clark
from the village of (e-mail address removed)
felt we might be interested in the following...



Shouldn't your customers have adequate anti-virus/malware software in
place though?


nuff said. Clearly someone who only pretends to be knowledgeable of
computers and security in order to cash in on their own incompetence
when their 'victims' have been misled.

Please die.

LOL you ignorant whatever it is that you are.

Every single computer I work on has an antivirus and anti malware software
installed on them.
Most of my customers have teenage kids that will click on and download
anything, and that's how they get infected.
Thank god for the reckless teenage bastards! I LOVE them!
(I make between $75 and $150 a repair). :)

Clark
 
Drumstick

LOL you ignorant whatever it is that you are.

Every single computer I work on has an antivirus and anti malware software
installed on them.
Most of my customers have teenage kids that will click on and download
anything, and that's how they get infected.
Thank god for the reckless teenage bastards! I LOVE them!
(I make between $75 and $150 a repair). :)

Clark

You remind me of a car salesman my brother worked with who used to brag
about how upside down his customers were when they left in their new car
then he would cry because he didn't get any repeat business.

Drum--
 
Clark

LOL you ignorant whatever it is that you are.
You remind me of a car salesman my brother worked with who used to
brag about how upside down his customers were when they left in their
new car then he would cry because he didn't get any repeat business.

Drum--

Most of my business is repeat, trust me, I tell them how they get infected
and even print out the warnings from the F.B.I etc.
I can't help it that they cannot control their children, hell I even ask
them why does your 14 year old have broadband in their bedroom?
Then I warn them how dangerous the Internet is etc.,

They don't listen, so I go back 3 months later and clean up their systems
again.
I guess they can afford it.

Clark
 
Dustin Cook

Most of my business is repeat, trust me, I tell them how they get
infected and even print out the warnings from the F.B.I etc.
I can't help it that they cannot control their children, hell I even
ask them why does your 14 year old have broadband in their bedroom?
Then I warn them how dangerous the Internet is etc.,

They don't listen, so I go back 3 months later and clean up their
systems again.
I guess they can afford it.

Clark

3 months seems to be the average. :( I don't like the idea of malware
mind you, but the business for removing it is good. I see your point and
understand it Clark. Many of my customers also have a dumb look on their
face even after you explain how they got infected, and how to prevent it
from happening again. I suppose, they do like paying for repairs.

The few posters who responded to you obviously don't do this for a
living, or if they do, they have customers without teenage children.


--
####################################################
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: (e-mail address removed)
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################
 
Dustin Cook

I've seen this thing change group policy, expire passwords and modify
the boot.ini. Warning Newbies don't go here or you will be asking for
help to get rid of it. 64_201_199_24 it arrives in email claiming to
be a youtube video. Dustin you like shit like this have fun.

I'm a bit behind on things here lately butts. If you want to send a sample
along to my email, you're welcome to do so.


--
####################################################
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: (e-mail address removed)
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################
 
kurt wismer

Bart said:
F-Prot sez:
VIDEO.EXE Infection: Possibly a new variant of
W32/Fathom.3-based!Maximus

maximus? i guess the folks up at fsi didn't notice all the fuss symantec
had over bloodhound...
 
/Tx2

On Thu, 30 Aug 2007 01:16:27 GMT Dustin Cook
from the village of (e-mail address removed)
felt we might be interested in the following...

[...]
The few posters who responded to you obviously don't do this for a
living, or if they do, they have customers without teenage children.

I had a tremendously successful business dealing (in part) with exactly
what 'Clark' suggests requires 3 monthly visits, and rarely (if at all)
had any repeat business to customers with teenage children (having a 16
yr old myself).

A PC/user that are correctly configured/educated need not generate
repeat business in this way.

Indeed, i got more business through recommendation than i ever got
through repeat visits to a resurfaced problem.

Just demonstrating that it is NOT always that way Clark suggests it is,
and my experience of people like that is that they don't do a very good
job at the outset which secures them some repeat business further down
the line, or their competitors when the consumer becomes fed up with
keep calling them out.

I sold my business to a larger company after 5 years because I wanted a
change of direction in what I was doing, but became the top computer
services supplier in my county in that time.
 
Clark

/Tx2 said:
On Thu, 30 Aug 2007 01:16:27 GMT Dustin Cook
from the village of (e-mail address removed)
felt we might be interested in the following...

[...]
The few posters who responded to you obviously don't do this for a
living, or if they do, they have customers without teenage children.

I had a tremendously successful business dealing (in part) with
exactly what 'Clark' suggests requires 3 monthly visits, and rarely
(if at all) had any repeat business to customers with teenage
children (having a 16 yr old myself).

I'm sorry, I did not suggest 3 month revisits, it just happens that way
sometimes.
Most of my customers, I see them maybe twice a year, either software,
malware, or hardware issues.
But I stand by the fact, that after I warn them and tell them how they get
infected (Bearshare etc)
or looking for free porn, or downloading "free" screensavers, they still get
infected.

Hell one customer, she was into online poker (that required her to install
software from the website).
It took me two hours to clean her system (and even found a rootkit).
Three days later she called me back with the same problems of infection,
sure enough she installed the very software I told her not to.
She stated to me that since I installed and updated antivirus, spybot,
adaware, and others,
she thought she could just install anything because she was "protected".
Had to charge her another hour for the new infection, which was new, because
I never leave a customer without checking that the machine is really clean.

Clark
 
Dustin Cook

On Thu, 30 Aug 2007 01:16:27 GMT Dustin Cook
from the village of (e-mail address removed)
felt we might be interested in the following...

[...]
The few posters who responded to you obviously don't do this for a
living, or if they do, they have customers without teenage children.

I had a tremendously successful business dealing (in part) with exactly
what 'Clark' suggests requires 3 monthly visits, and rarely (if at all)
had any repeat business to customers with teenage children (having a 16
yr old myself).

A PC/user that are correctly configured/educated need not generate
repeat business in this way.

Indeed, I agree. However, when they insist on downloading free
screensavers, online poker games, and new desktop themes, they usually
get something additional; despite being warned not to go for these
things. :(

Indeed, i got more business through recommendation than i ever got
through repeat visits to a resurfaced problem.

Same here. However, I do have a certain set of customers where on
average, every 3 months I have to pay them another visit. :(

Just demonstrating that it is NOT always that way Clark suggests it is,

I didn't mean to imply it was always like that, but it certainly can be.
Depends on the customer I suppose. Some of my customers follow
instructions well, and some do not.

and my experience of people like that is that they don't do a very good
job at the outset which secures them some repeat business further down
the line, or their competitors when the consumer becomes fed up with
keep calling them out.

Well, I don't mean to toot my own horn here, but I have no real incentive
to waste the gas to visit them again for the same issue. I usually don't
bill them if the same thing has occurred, unless I find evidence of
bearshare or something being installed AFTER I was there the last time.

I sold my business to a larger company after 5 years because I wanted a
change of direction in what I was doing, but became the top computer
services supplier in my county in that time.

I worked for a respectable computer company here for the last 10 years
before deciding to go out on my own. I'm familiar with malware from a
programming standpoint as well as removal.


--
####################################################
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: (e-mail address removed)
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################
 
Dustin Cook

I've seen this thing change group policy, expire passwords and modify
the boot.ini. Warning Newbies don't go here or you will be asking for
help to get rid of it. 64_201_199_24 it arrives in email claiming to
be a youtube video. Dustin you like shit like this have fun.

Hi again PcButts,

Any chance you will send the file for analysis?

If you will, you can send it to my gmail address if you will zip the file
(s), and encrypt them and rename the .zip to .dat or something so google
won't complain. I'd appreciate any cooperation from you that you're willing
to give.


--
####################################################
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: (e-mail address removed)
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################
 
Dustin Cook

You can get it from the link I posted.

I cannot seem to gain access to anything at that address. :(
If you still have a viable sample of it and wouldn't mind sending it along
for analysis, I would appreciate it.


--
####################################################
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: (e-mail address removed)
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################
 
