echo: nthelp
to: Geo
from: Frank Haber
date: 2005-10-13 13:30:10
subject: Re: October patches

From: "Frank Haber" 

>"anti spyware" program from a company who is so intent on selling out

I resented the mute smugness of the tools myself, and had rejected a few.
Then I saw the below chastening stuff in the log, thanks to RichG.  I
wonder why nothing else caught it (including the decent MS/Giant program);
I wonder how the process got started on a patched machine.  I wonder, in
fact, what the hell the thing is.  Google has few hits.  New?  False
positive?  Come to think of it, the reportage is lousy, so I'm mad again. 
Of course, this alleged bot has four names, at four AV companies.  SARC
just mumbled on about the 2003 DCOM thing.  Gotta go search on that
filename.....

========

Quick Scan Removal Results
----------------
Terminating process with pid 740
Operation succeeded !

Terminating process with pid 740
Operation had previously completed.

Terminating process with pid 740
Operation had previously completed.

Deleting registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, entry: Messenger service
Operation succeeded !

Terminating process with pid 740
Operation had previously completed.

Deleting registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, entry: Messenger service
Operation had previously completed.

Terminating process with pid 740
Operation had previously completed.

Deleting registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, entry: Messenger service
Operation succeeded !

Terminating process with pid 740
Operation had previously completed.

Deleting registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, entry: Messenger service
Operation had previously completed.

Deleting file C:\WINDOWS\system32\msgsms.exe
Operation succeeded !

Deleting file C:\WINDOWS\system32\msgsms.exe
Operation had previously completed.

Deleting file C:\WINDOWS\system32\msgsms.exe
Operation had previously completed.

Deleting file C:\WINDOWS\system32\msgsms.exe
Operation had previously completed.

Deleting file C:\WINDOWS\system32\msgsms.exe
Operation had previously completed.


Results Summary:
----------------
Found Backdoor:Win32/Rbot!873E and Removed!

Return code: 6
Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 11 13:26:20 2005


-------------------------------------------------------------------------------

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
