Nigeria con I think best u just forget it and move on.

PS: I do have his IP address and I tried to get this bastard by myself, but I don’t have the right tools…my trojans get detected and I’m not able to join a working trojan or/and keylogger with a word document…please, help me to get this SOB.

But if you removed all the permissions how will u restore them? <– Once you uncheck the box to remove the permissions, you check it back to restore the permissions. If you read the checkbox, it says “Inherit permissions …”.

The malware you should be afraid of, do you think it will not account for Process Explorer? <– Very good point. Conficker does that. As such, there is a way to masquerade such that Conficker does not know Process Explorer runs.

Problem is… the malware you’re not afraid of, antivirus will be able to detect anyway. The malware you should be afraid of, do you think it will not account for Process Explorer? <– Not true. Most of the time, I noticed the malware removed has not been detected by the antivirus. That is why I said, 25,000 virus everyday, AV software cannot keep up with the signatures.

I once encountered a really naughty chinese malware, … fix was to use a batch file to repeatedly kill both. In the race condition sooner or later the batch file will win. <– You are dealing with two exes, have you ever seen 5 exes protecting each other? Your method won’t work.

he said so far he never met anyone like that even tho there are script kiddies. <– Yes there are such people, but I can’t say it out loud, and you know why.

I like your article on the analysis, basically covering what is on the mind of most people that I spoke to. I guess my 15th talk should address some FAQ on some of the points raised. Catch you again.

Regards,
Tim Meng