| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: October patches |
From: "Rich Gauszka"
I have a Sony Vaio laptop (PCG-TR3AP) that has a hard time booting after
the Tool runs. The mrt.log file shows no problems. Naturally I forgot to
uncheck the Tool for the Sony laptop this time and spent about 15 minutes
coaxing the dang Sony to complete a full boot again. It will boot worry-free
till the next patch cycle.
"Frank Haber" wrote in message
news:434e9939$1{at}w3.nls.net...
> >"anti spyware" program from a company who is so intent on selling out
>
> I resented the mute smugness of the tools myself, and had rejected a few.
> Then I saw the below chastening stuff in the log, thanks to RichG. I
> wonder why nothing else caught it (including the decent MS/Giant program);
> I wonder how the process got started on a patched machine. I wonder, in
> fact, what the hell the thing is. Google has few hits. New? False
> positive? Come to think of it, the reportage is lousy, so I'm mad again.
> Of course, this alleged bot has four names, at four AV companies. SARC
> just mumbled on about the 2003 DCOM thing. Gotta go search on that
> filename.....
>
> ========
>
> Quick Scan Removal Results
> ----------------
> Terminating process with pid 740
> Operation succeeded !
>
> Terminating process with pid 740
> Operation had previously completed.
>
> Terminating process with pid 740
> Operation had previously completed.
>
> Deleting registry value
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, entry:
> Messenger service
> Operation succeeded !
>
> Terminating process with pid 740
> Operation had previously completed.
>
> Deleting registry value
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, entry:
> Messenger service
> Operation had previously completed.
>
> Terminating process with pid 740
> Operation had previously completed.
>
> Deleting registry value
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, entry: Messenger
> service
> Operation succeeded !
>
> Terminating process with pid 740
> Operation had previously completed.
>
> Deleting registry value
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, entry: Messenger
> service
> Operation had previously completed.
>
> Deleting file C:\WINDOWS\system32\msgsms.exe
> Operation succeeded !
>
> Deleting file C:\WINDOWS\system32\msgsms.exe
> Operation had previously completed.
>
> Deleting file C:\WINDOWS\system32\msgsms.exe
> Operation had previously completed.
>
> Deleting file C:\WINDOWS\system32\msgsms.exe
> Operation had previously completed.
>
> Deleting file C:\WINDOWS\system32\msgsms.exe
> Operation had previously completed.
>
>
> Results Summary:
> ----------------
> Found Backdoor:Win32/Rbot!873E and Removed!
>
> Return code: 6
> Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 11
> 13:26:20 2005
>
>
> ---------------------------------------------------------------------------------------
>
--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
| SOURCE: echomail via fidonet.ozzmosis.com | |
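
The removal log quoted above repeats the same operations several times, which makes it hard to see what the tool actually touched. The following is an added example, not part of the original posts and not Microsoft's tooling: it collapses quoted MRT output into the distinct remediation actions (process, autorun values, file) plus the detection name and return code. `summarize` and `SAMPLE` are names made up for this example, and the sample is a trimmed excerpt of the quoted log.

```python
import re

# Trimmed excerpt of the mrt.log output quoted in the post above, with the
# news-reader '>' markers and line wraps left in place; not a complete log.
SAMPLE = r"""
> Quick Scan Removal Results
> ----------------
> Terminating process with pid 740
> Operation succeeded !
>
> Terminating process with pid 740
> Operation had previously completed.
>
> Deleting registry value
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, entry:
> Messenger service
> Operation succeeded !
>
> Deleting registry value
> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, entry: Messenger
> service
> Operation succeeded !
>
> Deleting file C:\WINDOWS\system32\msgsms.exe
> Operation succeeded !
>
> Found Backdoor:Win32/Rbot!873E and Removed!
>
> Return code: 6
"""

ACTION = re.compile(r"(Terminating process with pid \d+|Deleting registry value .+?|"
                    r"Deleting file .+?) Operation (succeeded|had previously completed)")

def summarize(text):
    # Drop '>' quote markers, then treat each blank-line-separated block as one
    # record so entries wrapped by the mail reader are rejoined.
    body = "\n".join(re.sub(r"^\s*>\s?", "", l).rstrip() for l in text.splitlines())
    actions, found, code = {}, [], None
    for block in re.split(r"\n\s*\n", body):
        rec = " ".join(block.split())
        if m := ACTION.search(rec):
            # Keep the first outcome per distinct action; repeats are re-attempts.
            actions.setdefault(m.group(1), m.group(2))
        elif m := re.search(r"Found (\S+) and Removed!", rec):
            found.append(m.group(1))
        elif m := re.search(r"Return code: (\d+)", rec):
            code = int(m.group(1))
    return {"actions": list(actions), "detections": found, "return_code": code}
```

Run over the full quoted log, the same four actions come out: one process, two autorun values named "Messenger service", and one file under system32.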