Hi bodomchild & "oldman",
Consider this: O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\Windows\PSEXESVC.EXE (file missing)
=======================
PsExec is a lightweight Telnet program that is used by Backdoor Trojans. It
can be installed remotely through an open/unsecure NetBIOS connection. You can
disable the service and remove the file, but if your machine has been open to a
backdoor, there is no telling what they may have done. The only safe fix is to
wipe the disk and reinstall.
J.A. Coutts
Systems Engineer
MantaNet/TravPro
1. COVERT ANALYSIS OF: PSEXESVC.EXE
* File Names Used: 3
* Paths Used: 4
* Common File Name: PSEXESVC.EXE
* Common Path: %WINDIR%\SYSTEM32\
* Vendor Information: Sysinternals
* Product Information: PsExec Service
* Version Information: 1.42
* PSEXESVC.EXE may use 3 or more path and file names, these are the most common:
* File Name Structure: Normal
* File and Path Structure: Normal
2. RELATIONSHIP ANALYSIS OF: PSEXESVC.EXE
* No relationship details available for this object
3. ACTIVITY ANALYSIS OF: PSEXESVC.EXE
* The following behaviors have been observed for this object:
* Runs other programs.
4. PROPAGATION ANALYSIS OF: PSEXESVC.EXE
* Malware Group Propagation Rate: Moderate (spreading)
* Malware Group: Tool Win32 PsExec 123
* Copyright Prevx Limited 2005, 2006
Other versions:
http://spywarefiles.prevx.com/ssADJI3985/PSEXmore.html

polonus