How do I get rid of psexesvc.exe

Paul

Hi

I'm running Adaware 6.0, Spybot S&D, PestPatrol, with Agnitum Tauscan,
Anti Trojan, Agnitum Outpost Personal Firewall loading at startup and
NAV 2003 on my W2K/Mozilla Firebird PC.

I run Adaware & Spybot S&D every day, PestPatrol runs in the background.
Adaware keeps picking up psevesvc.exe, and the registry entry Regkey
HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\PSEXESVC\ as
possible Trojans, and successfully removes them, yet they keep coming
back.

Any ideas, anyone?

TIA
 
David W. Hodgins

I'm running Adaware 6.0, Spybot S&D, PestPatrol, with Agnitum Tauscan, Anti Trojan, Agnitum Outpost Personal Firewall loading at startup and NAV 2003 on my W2K/Mozilla Firebird PC.
I run Adaware & Spybot S&D every day, PestPatrol runs in the background. Adaware keeps picking up psevesvc.exe, and the registry entry Regkey HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\PSEXESVC\ as possible Trojans, and successfully removes them, yet they keep coming back.

See http://securityresponse.symantec.com/avcenter/venc/data/pf/backdoor.irc.ratsou.html
for the probable source of this trojan.

Regards, Dave Hodgins
 
Robin T Cox

Paul said:
Hi

I'm running Adaware 6.0, Spybot S&D, PestPatrol, with Agnitum
Tauscan, Anti Trojan, Agnitum Outpost Personal Firewall loading at
startup and NAV 2003 on my W2K/Mozilla Firebird PC.

I run Adaware & Spybot S&D every day, PestPatrol runs in the
background. Adaware keeps picking up psevesvc.exe, and the registry
entry Regkey
HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\PSEXESVC\ as
possible Trojans, and successfully removes them, yet they keep coming
back.

Any ideas, anyone?

TIA

I suggest you report this to the SpywareInfo Forum experts by using the
HijackThis scanner.

Download 'Hijack This!' at http://www.tomcoyote.org/hjt/
Unzip, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save
Log" button. Press that, save the log, load it in Notepad, and copy its
contents. Most of what it lists will be harmless or even essential,
don't fix anything yet.

Then go to http://www.spywareinfo.com/forums/.

Just sign in, or post as a guest, and go to the Spyware and Hijackware
Removal section. Press "new topic", explain your problem, and
copy and paste the contents of the Hijack This log into your new
message.
 
John Coutts

Hi

I'm running Adaware 6.0, Spybot S&D, PestPatrol, with Agnitum Tauscan,
Anti Trojan, Agnitum Outpost Personal Firewall loading at startup and
NAV 2003 on my W2K/Mozilla Firebird PC.

I run Adaware & Spybot S&D every day, PestPatrol runs in the background.
Adaware keeps picking up psevesvc.exe, and the registry entry Regkey
HKEY_LOCAL_MACHINE:SYSTEM\CurrentControlSet\Services\PSEXESVC\ as
possible Trojans, and successfully removes them, yet they keep coming
back.

Any ideas, anyone?

TIA
**************** REPLY SEPARATER *****************
PsExec is a lightweight Telnet program that is used by backdoor Trojans. It
can be installed remotely through an open/unsecure NetBIOS connection. You can
disable the service and remove the file, but if your machine has been open to a
backdoor, there is no telling what they may have done. The only safe fix is to
wipe the disk and reinstall.

J.A. Coutts
Systems Engineer
MantaNet/TravPro
-----------------------------------------------------------------------
Utilities like Telnet and remote control programs like Symantec's PC Anywhere
let you execute programs on remote systems, but they can be a pain to set up
and require that you install client software on the remote systems that you
wish to access. PsExec is a light-weight telnet-replacement that lets you
execute processes on other systems, complete with full interactivity for
console applications, without having to manually install client software.
PsExec's most powerful uses include launching interactive command-prompts on
remote systems and remote-enabling tools like IpConfig that otherwise do not
have the ability to show information about remote systems.
-------------------------------------------------------------------------
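
Added example, not part of any post in this thread: Python that pairs each install record for the PSEXESVC service with the network logon just before it, which shows whether a service that "keeps coming back" is being reinstalled from another machine. The log lines are constructed, the export format and the 30-second window are assumptions, and the event IDs (7045 service install, 4624 logon type 3) are those of current Windows versions, not of the Windows 2000 machine in the thread.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export: time, log, event id, detail. Not from the thread.
# 198.51.100.23 is a documentation address.
SAMPLE = """\
2024-03-01T09:00:05,Security,4624,LogonType=3;Account=Administrator;Source=198.51.100.23
2024-03-01T09:00:07,System,7045,ServiceName=PSEXESVC;ImagePath=%SystemRoot%\\PSEXESVC.exe
2024-03-01T12:30:00,Security,4624,LogonType=2;Account=paul;Source=-
2024-03-01T12:31:00,System,7045,ServiceName=PrintHelper;ImagePath=C:\\Tools\\ph.exe
2024-03-02T09:15:40,Security,4624,LogonType=3;Account=Administrator;Source=198.51.100.23
2024-03-02T09:15:41,System,7045,ServiceName=PSEXESVC;ImagePath=%SystemRoot%\\PSEXESVC.exe
2024-03-03T18:00:00,System,7045,ServiceName=PSEXESVC;ImagePath=%SystemRoot%\\PSEXESVC.exe
"""

WINDOW = timedelta(seconds=30)  # assumed correlation window


def parse(text):
    """Parse the assumed export format into (time, log, event id, fields)."""
    events = []
    for ts, log, eid, detail in csv.reader(io.StringIO(text)):
        fields = dict(kv.split("=", 1) for kv in detail.split(";"))
        events.append((datetime.fromisoformat(ts), log, int(eid), fields))
    return sorted(events, key=lambda e: e[0])


def psexesvc_installs(text, service="PSEXESVC"):
    """Return (install time, source, account) for each install of the service."""
    events = parse(text)
    findings = []
    for when, _, eid, f in events:
        if eid != 7045 or f.get("ServiceName", "").upper() != service:
            continue
        # Latest network logon (type 3) inside the window before the install.
        logons = [g for t, _, e, g in events
                  if e == 4624 and g.get("LogonType") == "3"
                  and timedelta(0) <= when - t <= WINDOW]
        src = logons[-1] if logons else {}
        findings.append((when.isoformat(), src.get("Source"), src.get("Account")))
    return findings


if __name__ == "__main__":
    for when, source, account in psexesvc_installs(SAMPLE):
        print(when, "PSEXESVC installed; network logon from", source, "as", account)
```

An install with no source (the third one in the sample) has no network logon in the window and needs a separate look at what created the service locally.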
 
