Guest ~BD~ Posted August 18, 2008 Posted August 18, 2008 Hello, A friend has contacted me and said "Whenever I try to copy paste something my clipboard always contains this: hxxp://xp-vista-update.net/?id=71030000330. When I copy paste very fast (less than a second) then I sometimes end up copy pasting what I want, so it's probably some malware.." Has anyone any information which might help? TIA Dave -- Quote
Guest Casual Observer Posted August 18, 2008 Posted August 18, 2008 Seems to be pretty new. An article is printed about it at http://www.theregister.co.uk/2008/08/15/we...oard_hijacking/. They are not a malware removal site but seem to think that rebooting the PC will clear it up. "~BD~" <~BD~@nospam.invalid> wrote in message news:e$kTk7QAJHA.4252@TK2MSFTNGP02.phx.gbl... Hello, A friend has contacted me and said "Whenever I try to copy paste something my clipboard always contains this: hxxp://xp-vista-update.net/?id=71030000330. When I copy paste very fast (less than a second) then I sometimes end up copy pasting what I want, so it's probably some malware.." Has anyone any information which might help? TIA Dave -- Quote
Guest PA Bear [MS MVP] Posted August 18, 2008 Posted August 18, 2008 Malvertizements utilizing computer clipboards (copy and paste). http://msmvps.com/blogs/spywaresucks/archi...09/1644062.aspx The Clipboard hijacks continue.... http://msmvps.com/blogs/spywaresucks/archi...18/1644914.aspx -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ Casual Observer wrote:<span style="color:blue"> > Seems to be pretty new. An article is printed about it at > http://www.theregister.co.uk/2008/08/15/we...oard_hijacking/. > They are not a malware removal site but seem to think that rebooting the > PC > will clear it up. > > "~BD~" <~BD~@nospam.invalid> wrote in message > news:e$kTk7QAJHA.4252@TK2MSFTNGP02.phx.gbl... > Hello, > > A friend has contacted me and said "Whenever I try to copy paste something > my clipboard always contains this: > hxxp://xp-vista-update.net/?id=71030000330. When I copy paste very fast > (less than a second) then I sometimes end up copy pasting what I want, so > it's probably some malware.." > > Has anyone any information which might help? > > TIA > > Dave </span> Quote
Guest ~BD~ Posted August 18, 2008 Posted August 18, 2008 "Casual Observer" <whattodo@xyzabc.com> wrote in message news:uW3CqtSAJHA.4116@TK2MSFTNGP05.phx.gbl... Seems to be pretty new. An article is printed about it at http://www.theregister.co.uk/2008/08/15/we...oard_hijacking/. They are not a malware removal site but seem to think that rebooting the PC will clear it up. "~BD~" <~BD~@nospam.invalid> wrote in message news:e$kTk7QAJHA.4252@TK2MSFTNGP02.phx.gbl... Hello, A friend has contacted me and said "Whenever I try to copy paste something my clipboard always contains this: hxxp://xp-vista-update.net/?id=71030000330. When I copy paste very fast (less than a second) then I sometimes end up copy pasting what I want, so it's probably some malware.." Has anyone any information which might help? TIA Dave -- Hi. Interesting article. Thank you for posting the link! style_emoticons/ I'll watch out for developments. Dave -- Quote
Guest ~BD~ Posted August 18, 2008 Posted August 18, 2008 Hello Robear - thank you for your reply - see below. "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:%23u0L2hTAJHA.5048@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > Malvertizements utilizing computer clipboards (copy and paste). > http://msmvps.com/blogs/spywaresucks/archi...09/1644062.aspx > > The Clipboard hijacks continue.... > http://msmvps.com/blogs/spywaresucks/archi...18/1644914.aspx > -- > ~Robear Dyer (PA Bear) > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 > AumHa VSOP & Admin http://aumha.net > DTS-L http://dts-l.net/ > > Casual Observer wrote:<span style="color:green"> >> Seems to be pretty new. An article is printed about it at >> http://www.theregister.co.uk/2008/08/15/we...oard_hijacking/. >> They are not a malware removal site but seem to think that rebooting the >> PC >> will clear it up. >> >> "~BD~" <~BD~@nospam.invalid> wrote in message >> news:e$kTk7QAJHA.4252@TK2MSFTNGP02.phx.gbl... >> Hello, >> >> A friend has contacted me and said "Whenever I try to copy paste >> something >> my clipboard always contains this: >> hxxp://xp-vista-update.net/?id=71030000330. When I copy paste very fast >> (less than a second) then I sometimes end up copy pasting what I want, so >> it's probably some malware.." >> >> Has anyone any information which might help?>> >> TIA >> >> Dave</span></span> Hi style_emoticons/ I reviewed the information at each of the links you kindly provided. This is the first time that I've met the expression 'Malvertizements'! I was led here:- "Even computer security pros vulnerable to scams" on Yahoo News. http://news.yahoo.com/s/ap/20080807/ap_on_...Bt9uRqWSNYjtBAF "A relatively simple ruse persuaded dozens of prominent security analysts to connect on their social networking Web pages with people who weren't friends at all. They were fake profiles, purportedly of other well-known security pros. The scam was designed to expose the trust that even some of the most skeptical Internet users display on some of the most insecure sites on the Web." Things really have changed over the last few years! I really did trust folk .............. once-upon-a-time! Dave -- Quote
Guest ~BD~ Posted August 19, 2008 Posted August 19, 2008 Update: <span style="color:blue"> > I'll watch out for developments. > > Dave > -- > > ></span> 'Malvertizement' epidemic visits house of Newsweek.com See: http://www.theregister.co.uk/2008/08/18/ma...izing_epidemic/ Quote: "Newsweek.com is one of several high-profile websites suspected of running rogue banner advertisements that try to trick visitors into installing fraudulent anti-malware programs, security researchers warn. The malicious ads have been appearing on Newsweek's website via feeds that carry the Washingtonpost.com address, according to this post on the Bluetack Internet Security Solutions site. The ads redirect users to a site that falsely claims users' PCs are infected with malware and urges them to buy and install software that will remedy the problem. The banner graphic posed as an ad for www.easy-forex.com, which bills itself as an online foreign currency exchange". Dave -- Quote
Guest kalyan Posted September 5, 2008 Posted September 5, 2008 Hi This attack call HTTP Fake Scan Webpage Download the scanner & remove the Malware http://www.4shared.com/file/15436123/9ccf9...guefix_216.html "~BD~" <~BD~@nospam.invalid> wrote in message news:e$kTk7QAJHA.4252@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > Hello, > > A friend has contacted me and said "Whenever I try to copy paste something > my clipboard always contains this: > hxxp://xp-vista-update.net/?id=71030000330. When I copy paste very fast > (less than a second) then I sometimes end up copy pasting what I want, so > it's probably some malware.." > > Has anyone any information which might help? > > TIA > > Dave > > -- > > </span> Quote
Guest ~BD~ Posted September 5, 2008 Posted September 5, 2008 Hello Kalyan Crikey!! Do you realise that I almost mistook you for 'Kayman', a well-respected helper on these newsgroups! However, I copied and pasted your link into my AOL browser ........ and Google Chrome too! I noted that there have been 4 - yes, just four - downloads of this programme. Hmmmm! So now I'm left wondering ........ should I recommend it to my friend? Anyone else here ever tried it (or willing to experiment? <wink>) Dave -- "kalyan" <reach2kalyan@live.com> wrote in message news:eduhKPzDJHA.1184@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > Hi > > This attack call HTTP Fake Scan Webpage > > Download the scanner & remove the Malware > > http://www.4shared.com/file/15436123/9ccf9...guefix_216.html > > > > > "~BD~" <~BD~@nospam.invalid> wrote in message news:e$kTk7QAJHA.4252@TK2MSFTNGP02.phx.gbl...<span style="color:green"> >> Hello, >> >> A friend has contacted me and said "Whenever I try to copy paste something my clipboard always >> contains this: hxxp://xp-vista-update.net/?id=71030000330. When I copy paste very fast (less than >> a second) then I sometimes end up copy pasting what I want, so it's probably some malware.." >> >> Has anyone any information which might help? >> >> TIA >> >> Dave >> >> -- >> >></span> > > > </span> Quote
Guest David H. Lipman Posted September 5, 2008 Posted September 5, 2008 From: "~BD~" <BoaterDave@nospam.invalid> | Hello Kalyan | Crikey!! Do you realise that I almost mistook you for 'Kayman', a well-respected helper | on these | newsgroups! | However, I copied and pasted your link into my AOL browser ........ and Google Chrome | too! | I noted that there have been 4 - yes, just four - downloads of this programme. Hmmmm! | So now I'm left wondering ........ should I recommend it to my friend? | Anyone else here ever tried it (or willing to experiment? <wink>) | Dave That's because it is an illegitamate copy of Stuart Saunder's RogueFix which is currently at v2.195 (8/3/08) http://www.internetinspiration.co.uk/roguefix.htm It is what PCBUTTS1 plagiarized to become Remove-IT. Always get the file from the source or a source vetted as a mirror site. NEVER form other locations. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Gray B. Posted September 12, 2008 Posted September 12, 2008 http://clipboardextender.com/ has helpful info. On Sep 5, 3:00 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net> wrote:<span style="color:blue"> > From: "~BD~" <BoaterD...@nospam.invalid> > > | Hello Kalyan > > | Crikey!! Do you realise that I almost mistook you for 'Kayman', a well-respected helper > | on these > | newsgroups! > > | However, I copied and pasted your link into my AOL browser ........ and Google Chrome > | too! > > | I noted that there have been 4 - yes, just four - downloads of this programme. Hmmmm! > > | So now I'm left wondering ........ should I recommend it to my friend? > > | Anyone else here ever tried it (or willing to experiment? <wink>) > > | Dave > > That's because it is an illegitamate copy of Stuart Saunder's RogueFix which is currently > at  v2.195 (8/3/08) > > http://www.internetinspiration.co.uk/roguefix.htm > > It is what PCBUTTS1 plagiarized to become Remove-IT. > > Always get the file from the source or a source vetted as a mirror site.  NEVER form other > locations. > > -- > Davehttp://www.claymania.com/removal-trojan-adware.html > Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp</span> Quote
Guest ~BD~ Posted September 12, 2008 Posted September 12, 2008 "Gray B." <gbinal@gmail.com> wrote in message news:3e8d0ab4-5157-4b2f-ad27-8a36946f737b@d1g2000hsg.googlegroups.com... http://clipboardextender.com/ has helpful info. <snip> Hi Gary - many thanks for that lead. Lots of items of interest! style_emoticons/ Dave Quote
Guest ~BD~ Posted September 12, 2008 Posted September 12, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:O1e7$H5DJHA.4768@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > From: "~BD~" <BoaterDave@nospam.invalid> > > | Hello Kalyan > > | Crikey!! Do you realise that I almost mistook you for 'Kayman', a well-respected helper > | on these > | newsgroups! > > | However, I copied and pasted your link into my AOL browser ........ and Google Chrome > | too! > > | I noted that there have been 4 - yes, just four - downloads of this programme. Hmmmm! > > | So now I'm left wondering ........ should I recommend it to my friend? > > | Anyone else here ever tried it (or willing to experiment? <wink>) > > | Dave > > That's because it is an illegitamate copy of Stuart Saunder's RogueFix which is currently > at v2.195 (8/3/08) > > http://www.internetinspiration.co.uk/roguefix.htm > > It is what PCBUTTS1 plagiarized to become Remove-IT. > > Always get the file from the source or a source vetted as a mirror site. NEVER form other > locations. > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > > ></span> I somehow missed this post of yours Dave - my apologies for not responding earlier. In no way do I doubt what you say but, for any 'newbies' reading this, how can one be certain that internetinspiration.co.uk is a/the bonio-fido source? You mention a Stuart Saunder - but I've so far failed to spot that name on the site; perhaps I've simply missed it! You say that the OP posted an illegitimate link here and that Pcbutts1 has stolen RogueFix and re-invented it. That is (probably <wink>) true, but it's only your say-so, isn't it? What is needed is some global body with responsibility to check all web sites where 'help and advice' is being offered to the public at large. Expensive? Of course. Maybe a project for http://www.gatesfoundation.org/default.htm Dave Quote
Guest David H. Lipman Posted September 12, 2008 Posted September 12, 2008 From: "~BD~" <BoaterDave@nospam.invalid> | I somehow missed this post of yours Dave - my apologies for not responding earlier. | In no way do I doubt what you say but, for any 'newbies' reading this, how can one be | certain that | internetinspiration.co.uk is a/the bonio-fido source? | You mention a Stuart Saunder - but I've so far failed to spot that name on the site; | perhaps I've | simply missed it! | You say that the OP posted an illegitimate link here and that Pcbutts1 has stolen | RogueFix and | re-invented it. That is (probably <wink>) true, but it's only your say-so, isn't it? | What is needed | is some global body with responsibility to check all web sites where 'help and advice' | is being | offered to the public at large. Expensive? Of course. Maybe a project for | http://www.gatesfoundation.org/default.htm | Dave Look BoaterDave you are just plain clueless and you don't take the time for investigating things for your self. If you did your homework you could easily find out who the Registrant of www.internetinspiration.co.uk is and if you continued that work you would easily determine the email of the Registrant. This takes some knowledge that lack and so you question things. Well here's a hint on the idea how to do some investigation. I'll start with YOU.. NNTP-Posting-Host: 92.22.178.225 % Information related to '92.16.0.0 - 92.23.255.255' inetnum: 92.16.0.0 - 92.23.255.255 netname: CPWBBSERV-NET descr: Carphone Warehouse Broadband Services country: GB admin-c: GJB18-RIPE admin-c: PM58-RIPE tech-c: GJB18-RIPE tech-c: PM58-RIPE status: ASSIGNED PA mnt-by: OPAL-MNT source: RIPE # Filtered person: Gareth J Bowen address: Opal Telecommunications Plc address: Northbank Industrial Estate address: Irlam address: Manchester address: United Kingdom address: UK phone: +44 161 2222000 fax-no: +44 161 2222003 e-mail: gbowen@opaltelecom.co.uk nic-hdl: GJB18-RIPE mnt-by: OPAL-MNT source: RIPE # Filtered person: Phill Magill address: Opal Telecommunications Plc address: Northbank Industrial Estate address: Irlam address: Manchester address: M44 5BL address: United Kingdom phone: +44 161 222-2000 fax-no: +44 161 222-2008 e-mail: pmagill@opaltelecom.co.uk nic-hdl: PM58-RIPE mnt-by: OPAL-MNT source: RIPE # Filtered % Information related to '92.0.0.0/11AS13285' route: 92.0.0.0/11 descr: Carphone Warehouse Broadband Services Autonomous System origin: AS13285 mnt-by: OPAL-MNT source: RIPE # Filtered % Information related to '92.20.0.0/14AS43234' route: 92.20.0.0/14 descr: CPW-BS-Subscribers-LOH-2 origin: AS43234 mnt-by: OPAL-MNT source: RIPE # Filtered Using the same investigational concept one can determine WHOIS information on www.internetinspiration.co.uk As for the theft of RogueFix. Well in the anti malware community this was HIGHLY documented. I am just one of group of individuals who have investigated this plagiarism from the start. The fact is I first posted a URL of RogueFix in a.c.v Butts read my post and found the RougeFix BAT and at that point all of a sudden was posting SuperFix on his web site around 9/'06 and it was RogueFix's code. By Jan '07 it was renamed and branded as SpyErase and was using an Inno Setup package. By March '07 it was again re-branded as Remove-It. While this was going on Butts was password protecting the installer. You couldn't install it w/o a password. The anti malware community, from the POV of different countries, played with Butts and obtained several passwords. For example ... A british investagator got Butts to give him a password arounf 11/19/06 which was ... IdFqmTh~:_/AjyD!>-O^%Om.?m]Cg+0kItz4jZ?"YHc`s;ujS4>lu<_ Another investigator from Belgium arount 11/27/06 I't$>:xn&5(5CW}6sju^8~W3Fw[@)%wM>BT=\n-I_u= 2^!R/"g}b7| By Ja 7, 07 the password for SpyErase was }z+q9%}@ne1h)SE=\Q+]em.a4>L0<t&Tv[^SSFpmkoiq0R~3<s+ ar5 I could go on and on... The anti malware community has highly documented the plagiarism of RogueFix to what is now Remove-It. In fact in January '07 the anti malware community joined with Stuart Saunders and the community create a false code marker and inserted it in RogueFix. By Jan 13, '07 Butts posted... "Anybody want to test a modification to Spyerase that I just put together. There is a strange issue I am trying to fix that I think may be machine specific so I need someone to test it for me. The glitch will not harm your system. Email me, Trolls need not apply." By Jan 15' 07 Butts posted... "New Spyerase version 10, it's fast and free. It now has over 1700 signatures to remove All variants of Virusburst, Spy sheriff and others. New Feature, Spyerase will now update your hosts file. This tool is designed to Specifically remove all variants. Scan time is about 2 minutes. Designed for Windows 2000/XP only. Password is still required. First read this page http://www.pcbutts1.com/downloads then download Spyerase from here http://www.pcbutts1.com/downloads/spyerasesetup.zip" The password was... H/G/^u5`f` YNb.4&MJZXS1w5 -kkpsxk47b\CdkB<-u]~U>to'naA4 And the false code marker was found in SpyErase. So to answer... "but it's only your say-so, isn't it?" No, there is a whole community who has documented this ! -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest ~BD~ Posted September 12, 2008 Posted September 12, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:OdDiMaMFJHA.4064@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > From: "~BD~" <BoaterDave@nospam.invalid> ></span> <snip> I really appreciate your comprehensive reply, Dave. Thank you. What surprised me about all the information you posted was that there was absolutely no mention of AOL, supposedly my ISP. No doubt the explanation is really simple. I any reader can help explain, I'd be most grateful. I wonder, too, if you could explain this term to me: ' IP PTR:IP does not resolve to a hostname ' I am trying to learn. I'm not totally clueless! <smile> Please take a look here: http://www.malwarebytes.org/forums/index.p...topic=5656&st=0 Thanks in anticipation of further help. Dave Quote
Guest Heather Posted September 12, 2008 Posted September 12, 2008 "~BD~" <BoaterDave@nospam.invalid> wrote in message news:%23FErgyMFJHA.5484@TK2MSFTNGP03.phx.gbl...<span style="color:blue"> > > "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message > news:OdDiMaMFJHA.4064@TK2MSFTNGP05.phx.gbl...<span style="color:green"> >> From: "~BD~" <BoaterDave@nospam.invalid> >></span> > <snip> > > I am trying to learn. I'm not totally clueless! <smile> > > Thanks in anticipation of further help. ></span> AARRGGHH..........David is right......you ARE clueless!! Does BD stand for brain dead ?? I for one do not have the patience for your stupid enquiries, which have not improved one iota in the past year!! Who gives a damn about your 2 different IP numbers. They are easily explained and understood by the rest of the ng. You are so frickin' annoying with your moronic queries!! HF Quote
Guest ~BD~ Posted September 12, 2008 Posted September 12, 2008 "Heather" <figgyd@nospam.invalid> wrote in message news:uP0DBUQFJHA.5088@TK2MSFTNGP05.phx.gbl... Before I respond ............ a question. Are you Dustin's friend, Heather? -- Quote
Guest David H. Lipman Posted September 12, 2008 Posted September 12, 2008 From: "~BD~" <BoaterDave@nospam.invalid> | "Heather" <figgyd@nospam.invalid> wrote in message | news:uP0DBUQFJHA.5088@TK2MSFTNGP05.phx.gbl... | Before I respond ............ a question. | Are you Dustin's friend, Heather? | -- I am sure that Figgs knows Dustin but I don't think she is a "friend" of his. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest PA Bear [MS MVP] Posted September 12, 2008 Posted September 12, 2008 That must be BD's fifth or sixth ISP in as many years. Wonder why he keeps switching...or having to switch? <w> David H. Lipman wrote: <snip><span style="color:blue"> > Look BoaterDave you are just plain clueless and you don't take the time > for > investigating things for your self. > > If you did your homework you could easily find out who the Registrant of > www.internetinspiration.co.uk is > and if you continued that work you would easily determine the email of the > Registrant. > > This takes some knowledge that lack and so you question things. Well > here's a hint on the idea how to do some investigation. I'll start with > YOU.. > > NNTP-Posting-Host: 92.22.178.225 > > % Information related to '92.16.0.0 - 92.23.255.255' > > inetnum: 92.16.0.0 - 92.23.255.255 > netname: CPWBBSERV-NET > descr: Carphone Warehouse Broadband Services > country: GB > admin-c: GJB18-RIPE > admin-c: PM58-RIPE > tech-c: GJB18-RIPE > tech-c: PM58-RIPE > status: ASSIGNED PA > mnt-by: OPAL-MNT > source: RIPE # Filtered > > person: Gareth J Bowen > address: Opal Telecommunications Plc > address: Northbank Industrial Estate > address: Irlam > address: Manchester > address: United Kingdom > address: UK > phone: +44 161 2222000 > fax-no: +44 161 2222003 > e-mail: gbowen@opaltelecom.co.uk > nic-hdl: GJB18-RIPE > mnt-by: OPAL-MNT > source: RIPE # Filtered</span> <snip> Quote
Guest Tom [Pepper] Willett Posted September 12, 2008 Posted September 12, 2008 because he's a frickin' nut!!! "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:OG6YUCRFJHA.4104@TK2MSFTNGP04.phx.gbl... : That must be BD's fifth or sixth ISP in as many years. Wonder why he keeps : switching...or having to switch? <w> : : David H. Lipman wrote: : <snip> : > Look BoaterDave you are just plain clueless and you don't take the time : > for : > investigating things for your self. : > : > If you did your homework you could easily find out who the Registrant of : > www.internetinspiration.co.uk is : > and if you continued that work you would easily determine the email of the : > Registrant. : > : > This takes some knowledge that lack and so you question things. Well : > here's a hint on the idea how to do some investigation. I'll start with : > YOU.. : > : > NNTP-Posting-Host: 92.22.178.225 : > : > % Information related to '92.16.0.0 - 92.23.255.255' : > : > inetnum: 92.16.0.0 - 92.23.255.255 : > netname: CPWBBSERV-NET : > descr: Carphone Warehouse Broadband Services : > country: GB : > admin-c: GJB18-RIPE : > admin-c: PM58-RIPE : > tech-c: GJB18-RIPE : > tech-c: PM58-RIPE : > status: ASSIGNED PA : > mnt-by: OPAL-MNT : > source: RIPE # Filtered : > : > person: Gareth J Bowen : > address: Opal Telecommunications Plc : > address: Northbank Industrial Estate : > address: Irlam : > address: Manchester : > address: United Kingdom : > address: UK : > phone: +44 161 2222000 : > fax-no: +44 161 2222003 : > e-mail: gbowen@opaltelecom.co.uk : > nic-hdl: GJB18-RIPE : > mnt-by: OPAL-MNT : > source: RIPE # Filtered : <snip> : Quote
Guest David H. Lipman Posted September 12, 2008 Posted September 12, 2008 From: "~BD~" <BoaterDave@nospam.invalid> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message | news:OdDiMaMFJHA.4064@TK2MSFTNGP05.phx.gbl...<span style="color:blue"><span style="color:green"> >> From: "~BD~" <BoaterDave@nospam.invalid></span></span> | <snip> | I really appreciate your comprehensive reply, Dave. Thank you. | What surprised me about all the information you posted was that there was absolutely no | mention of | AOL, supposedly my ISP. No doubt the explanation is really simple. I any reader can | help explain, | I'd be most grateful. | I wonder, too, if you could explain this term to me: ' IP PTR:IP does not resolve to a | hostname ' | I am trying to learn. I'm not totally clueless! <smile> | Please take a look here: | http://www.malwarebytes.org/forums/index.p...topic=5656&st=0 | Thanks in anticipation of further help. | Dave To continue what I wrote... I assisted Stuart Saunders with dealing with the plagiarism of Stuart's RogueFix and he filed a complaint based upon the Digital Millenium Copyright Act (DMCA) with the host provider of PCBUTTS1.Com. After several attempts the host provider considered the violation valid and Butts was forced to take SpyErase off his web site. Since he is a consistent liar, he came up with a stupid and lame excuse for no longer hosting it. He posted he sold the SpyErase technology to an unidentified entity. Since it was nothing more than a batch file, there is nothing that could have been sold and we in the anti malware community knew the truth that he was forced to remove SpyErase or have his PCBUTTS1.Com site shutdown. This is all documented with the orginal DMCA Takedown Notification sent to the hosting comapny and their subsequent reply. At this point, Butts knowing I assisted Stuart commited fraud. I had a relationship with Ian Kenefick and his web site IK-CS.Com. I provided content for his site in the realm of malware and allowed Ian to host my Multi AV Scanning Tool and other tools, of orginal creation, on his web site. Butts used a Sock Puppet, Gregory Taylor, and sent a fraudulent DMCA notification to Ian's hosting company that provided IK-CS.Com, IpoweredWeb The contents of teh fraudulent DMCA Takedown Notification... -------------- 1. The Multi-AV, WinfixerFix, and Smithfraud tool hosted on the site listed below is infringing upon my copyrighted material. All three programs have been written by me and hosted without my permission. http://www.ik-cs.com/v2/got-a-virus.htm http://www.ik-cs.com/programs/virtools/Multi_AV.exe http://www.ik-cs.com/programs/virtools/WinFixerFix.exe http://www.ik-cs.com/programs/virtools/SmitFraud.exe 2.All three programs listed above use a utility called WGET.exe which belongs to me. I am the author of that program and the website has No permission to use it. References to my wget program can be found here. http://www.ik-cs.com/v2/multi-av.htm http://www.ik-cs.com/v2/winfixerfix.htm http://www.ik-cs.com/v2/smitfraud.htm 3. The hard copy of my copyright and trademark is stored at my location in California. 4.I can be reached at the following email address trgreg@gmail.com 5. I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by my registered copyright and by the law. I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner of an exclusive right that is infringed. Gregory Taylor President and CEO GT tools inc -------------- Now, there are two important facts. The first is the Multi AV Scanning Tool is an original tool created by me and was based upon previous works where the front-end of 4 anti virus scanners started as individual scanners for McAfee and Trend Micro. Subsequently I combined the two with kaspersky and Sophos to make the Multi AV Scanning Tool. They were NOT created in a vacuum. I collaborated with several individuals who worked with me from the start. They include Art Kopp (A.C.V and A.C.A-V), BigBruva (M.P.S.V) and NTDOC of the KiXtart Forums to name a few. Therefore I have irrefutable proof of the sole creation of the Multi AV Scanning tool and the predeccsor utilities that led me to create it. Secondly is the following which was used... "...use a utility called WGET.exe which belongs to me." The WGET utility is provided as free software http://gnuwin32.sourceforge.net/packages/wget.htm It is licensed as free sofware through the GNU GENERAL PUBLIC LICENSE and the Free Software Foundation, Inc. It states... "GNU Wget is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version..." Since I first started writing my anti malware utiliies using the KiXtart scripting language, I have included the GNU WGET utility. By using a Sock Puppet, Butts committed "fraud" under the US Penal code. By using the text in the DMCA Takedown Notification (under statute)... "All three programs listed above use a utility called WGET.exe which belongs to me. I am the author of that program and the website has No permission to use it", Butts committed Perjury under the US Penal Code. Even if you make a claim against the KiXtart programming, stating WGET needs permission to redistribute should have invalidated the fraudulent claim. However, Ian Kenefick is not a US citizen. He is a citezen of Ireland and they failed to comply with a valid, and legal (by statute), "Counter Notification and the web site IK-CS.Com was permantly shutdown. There is/was no "Gregory Taylor" and there is/was no "GT tools inc". No address was provided and trgreg@gmail.com is a free GMail acoount with no vetting as to its source. This too should have invalidated the claim but, the lawyer for the hosting company, IPoweredWeb, ignored these facts. To get back to SpyErase... Butts did remove SpyErase from his website. However, Butts the re-packaged SpyErase as Remove-It and was still password protected. The antti malware community continued to obtain the passwords for each iteration and it was immediately evident that SuperFix, SpyErase and Remove-It were all the same. All plagiarized code from Stuart Sauder's RogueFix. Later, butts modified Remove-It by extracting Registry modifications from the batch file and creating .REG files and he then made it available without a password. This is how it is hosted Today. On the same page as Remove-It, http://pcbutts1.com/downloads/tools/tools.htm , is "What's Live Running Now". This is a VBS script. It is in fact a plagiarized version of "Silent Runners" by; Andrew Aronoff -- http://www.silentrunners.org/ I could go on and on with other examples of Butts plagiarism such as Robert A. Cooper's NailFix, a script created by MS MVP Kelly Theriot and MS MVP Noahdfear. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Heather Posted September 12, 2008 Posted September 12, 2008 Can we add frickin' ANNOYING nut ?? I have no patience with lamebrains who ask stupid questions and then keep bugging you guys (aka MVP's) to drop what you are doing and answer him. Hi Pooh Bear......how's the boa?? "Tom [Pepper] Willett" <tom@youreadaisyifyoudo.com> wrote in message news:%23bFxxURFJHA.1456@TK2MSFTNGP03.phx.gbl...<span style="color:blue"> > because he's a frickin' nut!!! > > "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message > news:OG6YUCRFJHA.4104@TK2MSFTNGP04.phx.gbl... > : That must be BD's fifth or sixth ISP in as many years. Wonder why > he > keeps > : switching...or having to switch? <w> > : > : David H. Lipman wrote: > : <snip> > : > Look BoaterDave you are just plain clueless and you don't take the > time > : > for > : > investigating things for your self. > : > > : > If you did your homework you could easily find out who the > Registrant of > : > www.internetinspiration.co.uk is > : > and if you continued that work you would easily determine the > email of > the > : > Registrant. > : > > : > This takes some knowledge that lack and so you question things. > Well > : > here's a hint on the idea how to do some investigation. I'll > start with > : > YOU.. > : > > : > NNTP-Posting-Host: 92.22.178.225 > : > > : > % Information related to '92.16.0.0 - 92.23.255.255' > : > > : > inetnum: 92.16.0.0 - 92.23.255.255 > : > netname: CPWBBSERV-NET > : > descr: Carphone Warehouse Broadband Services > : > country: GB > : > admin-c: GJB18-RIPE > : > admin-c: PM58-RIPE > : > tech-c: GJB18-RIPE > : > tech-c: PM58-RIPE > : > status: ASSIGNED PA > : > mnt-by: OPAL-MNT > : > source: RIPE # Filtered > : > > : > person: Gareth J Bowen > : > address: Opal Telecommunications Plc > : > address: Northbank Industrial Estate > : > address: Irlam > : > address: Manchester > : > address: United Kingdom > : > address: UK > : > phone: +44 161 2222000 > : > fax-no: +44 161 2222003 > : > e-mail: gbowen@opaltelecom.co.uk > : > nic-hdl: GJB18-RIPE > : > mnt-by: OPAL-MNT > : > source: RIPE # Filtered > : <snip> > : > > </span> Quote
Guest Heather Posted September 12, 2008 Posted September 12, 2008 "~BD~" <BoaterDave@nospam.invalid> wrote in message news:%23tId44QFJHA.616@TK2MSFTNGP06.phx.gbl...<span style="color:blue"> > > "Heather" <figgyd@nospam.invalid> wrote in message > news:uP0DBUQFJHA.5088@TK2MSFTNGP05.phx.gbl... > > Before I respond ............ a question. > > Are you Dustin's friend, Heather? ></span> And what does that have to do with your response?? Quote
Guest ~BD~ Posted September 12, 2008 Posted September 12, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:Ol9hmhRFJHA.452@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > From: "~BD~" <BoaterDave@nospam.invalid></span> <snip I really, really appreciate your second comprehensive reply, Dave. Thank you. <smile> <span style="color:blue"> > | What surprised me about all the information you posted was that there was absolutely no > | mention of > | AOL, supposedly my ISP. No doubt the explanation is really simple. I any reader can > | help explain, > | I'd be most grateful.</span> I've now discovered that Carphone Warehouse has purchased AOL UK !!!!! I knew there would be a simple explanation. style_emoticons/ <span style="color:blue"> > | I wonder, too, if you could explain this term to me: ' IP PTR:IP does not resolve to a > | hostname '</span> <snip> No advice forthcoming! I know it's a reverse DNS ........... - but is it significant if there is no host name? ------------------------------------------------------------------ I can't help thinking that you should have all of this information posted on a web site - yes, your very own David H Lipman site. You could then simply direct enquiring folk to it and also host your various tools there too. It doesn't cost very much nowadays. I note that you are still at work so I'm sure you could afford it! style_emoticons/ Dave Quote
Guest ~BD~ Posted September 12, 2008 Posted September 12, 2008 "Heather" <figgyd@nospam.invalid> wrote in message news:uyR6CvRFJHA.1268@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > > "~BD~" <BoaterDave@nospam.invalid> wrote in message news:%23tId44QFJHA.616@TK2MSFTNGP06.phx.gbl...<span style="color:green"> >> >> "Heather" <figgyd@nospam.invalid> wrote in message news:uP0DBUQFJHA.5088@TK2MSFTNGP05.phx.gbl... >> >> Before I respond ............ a question. >> >> Are you Dustin's friend, Heather? >></span> > And what does that have to do with your response?? > ></span> I have a feeling that Dustin once mentioned a friend called Heather (in a newsgroup thread) and was quite forceful in suggesting that I didn't post anything to upset her. As he is my cyber-friend, I wouldn't want to go against his wishes. HTH Dave Quote
Guest ~BD~ Posted September 12, 2008 Posted September 12, 2008 "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message news:OG6YUCRFJHA.4104@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > That must be BD's fifth or sixth ISP in as many years. Wonder why he keeps switching...or having > to switch? <w></span> You are not often wrong Robear, but you are this time! Ten years ago I subscribed to Freeserve. Freeserve were bought by Wanadoo.Wanadoo was bought by Orange. I remained with them throughout the changes. After the theft of my identity in 2005, I elected to take advantage of a Broadband package being offered by AOL which included a Netgear router to enable wireless connection. I joined in early 2006 and I have been with AOL ever since (albeit that shortly after I became a subscriber, AOL UK was hived off by parent group Time Warner ) Although still trading as AOL UK, the company has been bought by Carphone Warehouse and is the third largest ISP in the UK. So, that's really just TWO ISP's in ten years. Earlier this year I took advantage of the newly available 3G Mobile Broadband technology so that I can use my laptop for Internet connection when I am cruising the British Waterays on my narrowboat. This additional ISP is called 'Three'. HTH - it's the truth! See http://www.malwarebytes.org/forums/index.p...599entry27599 Dave PS Could you provide me with a copy of the long thread I started at Aumha regarding Annexcafe? Maybe it's gone forever! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.