|
PSEXESVC.EXE help
|
Lisa
04/09/03
|
Hi I wonder if there is anyone who can help me? I am desparate now and am on the verge of formating my pc. I was infected with a worm called deloder_a which has been successfully removed. I also found 2 files in winnit/temp with consisted of over 7.6Gb (which i deleted successfully)! However now i have a file in c/winnit/system32 called PSEXESVC.EXE which the firewall keeps asking me if i should allow it to connect to the internet, there was also another file called PSEXEC.EXE and WINSNC which I removed. The thing is that no virus scanners or trojan cleaners are detecting it. I even tried the DVLDR32.exe killer. I have deleted this file (psexesvc.exe) several times, however it keeps coming back. How can i clean my pc of this file once and for all?
Whilst thanking you for your kind replies,
Lisa
|
Royston
rsuechee@hotmail.com
04/19/03
|
i need to get rid of this worm...PSEXESVC.EXE.
Please help me..
|
Lisa
04/26/03
|
I found the best solution!
I formated my pc!
Lisa
|
Ray
06/21/03
|
PSEXESVC.EXE, in and of itself, is not a virus. It is part of a legitimate 3rd-party Windows utility, that viruses such as deloder and mumu deploy and use.
This particular executable runs as a service. So, open your Services control panel, and STOP the PSEXESVC service. Then, changed it's start-up property to "Disabled". Next, delete the executable from the System32 subdirectory of your C:\WINDOWS or C:\WINNT directory. You should also delete the service entry from the registry, but that's more than a newbie should be doing.
You may also find a process in your task manager called psexec.exe. This is related to psexesvc.exe. You should kill off psexec.exe, then delete it, also, from the System32 directory.
|
Theora55
07/11/03
|
Ray, what legitimate use does Psexesvc have?
|
Khalid Khan
09/29/03
|
Thanks Ray, I followed your instructions and I was able to freeze the PSEXESVC.EXE
Can you kindly post the instructions of removing it from the registry also.
Best regards
Khalid Khan
|
mac_diddy
10/07/03
|
click start, run, then type regedit and press enter.
Do a search in regedit for psexesvc and delete anything relating to it.
|
Graeme
10/09/03
|
http://www.webattack.com/get/adaware.html
Download and install it and it will do all the work for you.. and it will also detect and remove any other spyware etc
I suggest creating a restore point/backing up before using this.. and read the instructions.. make sure you understand it before use. Ive used it on several machines now.. always finds something.. Good luck
|
SP Sirupa
sp@azanda.com
10/22/03
|
Thanks to Ray to getrid of PSEXESVC.EXE warm.
To delete all PSEXESVC.EXE from teh service do this
The autorun keys it utilizes are as follows:
HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftWindows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delete PSEXESVC.EXE
|
Lisa
10/30/03
|
Found psexesvc once again on my pc for the 3rd time, although Ive always ended up formatting, that seems to be the only way to get rid of it for several weeks/months!!
Seems like it keeps on coming back, this annoying trojan is will not leave me alone! Maybe is some sort of software I'm using, or I'm using the wrong antivirus. Installed Adaware this morning and it discovered it, believe me since i was infected with the deloder.a I have been much much more carefull not to catch a virus. Hope I find some joy now on removing it
|
snowman
10/30/03
|
Lisa:
This is from Symantec's(norton) site:
# Psexec.exe: This file is 36,352 bytes and is a legitimate remote process launcher. This file is not malicious. The worm uses it to replicate itself.
They link to www.sysinternals.com, so presumably one of their apps uses it.
You can get a much better description( as well as a cleaning tool for deloder) at trendmicro
Check the technical details. it's a list of the 85 passwords the trojan requires to access your system. Hopefully yours is not present.
The link is here:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELODER.A
I'd run an on line virus scan for a second opinion.
|
m
youremessingwiththemaniac@yahoo.com
11/04/03
|
i have the trojan, and yet it won'tet me stop the service or delete the file. Is there any possible solution besides formatting?
|
snowman
11/04/03
|
Re:moval instructions here:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DELODER.A
|
