In article <Jmd++7PwtU$+(E-Mail Removed)>,
(E-Mail Removed) says...
>
>Hi
>
>I'm running Adaware 6.0, Spybot S&D, PestPatrol, with Agnitum Tauscan,
>Anti Trojan, Agnitum Outpost Personal Firewall loading at startup and
>NAV 2003 on my W2K/Mozilla Firebird PC.
>
>I run Adaware & Spybot S&D every day, PestPatrol runs in the background.
>Adaware keeps picking up psevesvc.exe, and the registry entry Regkey
>HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\PSEXESVC\ as
>possible Trojans, and successfully removes them, yet they keep coming
>back.
>
>Any ideas, anyone?
>
>TIA
>--
>Paul B
**************** REPLY SEPARATOR *****************
PsExec is a lightweight Telnet program that is used by Backdoor Trojans. It
can be installed remotely through an open/unsecured NetBIOS connection. You can
disable the service and remove the file, but if your machine has been open to a
backdoor, there is no telling what they may have done. The only safe fix is to
wipe the disk and reinstall.
J.A. Coutts
Systems Engineer
MantaNet/TravPro
-----------------------------------------------------------------------
Utilities like Telnet and remote control programs like Symantec's PC Anywhere
let you execute programs on remote systems, but they can be a pain to set up
and require that you install client software on the remote systems that you
wish to access. PsExec is a light-weight telnet-replacement that lets you
execute processes on other systems, complete with full interactivity for
console applications, without having to manually install client software.
PsExec's most powerful uses include launching interactive command-prompts on
remote systems and remote-enabling tools like IpConfig that otherwise do not
have the ability to show information about remote systems.
-------------------------------------------------------------------------
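
A read-only check of the service entry discussed in this thread, as an added example that is not part of the original posts: it reads the PSEXESVC key that Ad-aware flagged, resolves the service binary, and reports its start type, last write time, hash and signature. It assumes a current Windows with PowerShell 5.1 or later (the W2K machine in the question predates PowerShell) and an elevated prompt; the function name `Get-PsExecServiceTriage` is hypothetical.

```powershell
# Added example: inspect the PSEXESVC service entry named in the thread.
# Read-only; it changes nothing on the machine.
function Get-PsExecServiceTriage {
    param(
        # Service key name as reported in the question.
        [string]$ServiceName = 'PSEXESVC'
    )

    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path -LiteralPath $keyPath)) {
        return [pscustomobject]@{ ServiceName = $ServiceName; KeyPresent = $false }
    }

    $props = Get-ItemProperty -LiteralPath $keyPath
    # ImagePath may be quoted, carry arguments, or use variables such as %SystemRoot%.
    $raw = [Environment]::ExpandEnvironmentVariables([string]$props.ImagePath)
    if ($raw -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($raw -replace '(\.exe)\s.*$', '$1').Trim() }

    $fileExists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
    $hash = $null; $sigStatus = $null; $signer = $null; $written = $null
    if ($fileExists) {
        $written   = (Get-Item -LiteralPath $exe).LastWriteTime
        $hash      = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        $sig       = Get-AuthenticodeSignature -LiteralPath $exe
        $sigStatus = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServiceName = $ServiceName
        KeyPresent  = $true
        StartValue  = $props.Start   # 2 = automatic, 3 = manual, 4 = disabled
        Status      = if ($svc) { $svc.Status } else { $null }
        ImagePath   = $exe
        FileExists  = $fileExists
        FileWritten = $written       # compare across runs to see when it reappears
        SHA256      = $hash
        Signature   = $sigStatus
        Signer      = $signer
    }
}

Get-PsExecServiceTriage | Format-List
```

Running it after each removal and comparing `FileWritten` shows when the entry is being re-created, which is the symptom described in the question.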