Trojan

[TRshady]

I have zonealarm with everything in "high", norton anti-virus, updated and scan week and use spy bot everyday but for some reason they ALL let a trojan in and never spotted it, here it is:

RegKey : SYSTEM\CurrentControlSet\Services\PSEXESVC

"PSEXESVC.exe" is the process so check task manager.

I managed to spot it by using an ad-aware scan. even trojan remover never spotted it, and I thought I was safe .................

[RPerry]

this has happened to me before with one of those "corporate" type trojans. the ones people use to spy on each other. did you find out where this trojan came from?

[Acecool]

If you pack a trojan differently then its undetected.



For example, download sub7, dont use their packer, download some packer and package it, theres your undetected virus

soo :-/



Windows kind of sucks because there are millions / billions? of viruses for it, linux theres about 4 viruses that work for it or something

[DigitalXS]

First @ all I can say when you use your firewall correctly no Remote Control Trojan (or any other trojan that need internetconnection) can send or get data. So it can be active, but cannot harm you much.

And Acecool your information isn't really correct. Anti Virus Tools in hour time use Heuristic searches so even a packed trojan will be detected cause of it's structure.

Greets
DigitalXS

[Acecool]

First @ all I can say when you use your firewall correctly no Remote Control Trojan (or any other trojan that need internetconnection) can send or get data. So it can be active, but cannot harm you much.

--

still takes up resources.

--

Also then why isnt this trojan detected?



Why arent GAME exes shown as a trojan? They access the internet, they send info back and fourth between a master server.

lol


um



There are probably 1000s, if not millions of undetected viruses/worms/trojans whatever
They are slowly found, they get detected if/when somone sends the virus to the av makers so they can update definitions or if they get it some other way.

it all depends

[DigitalXS]

my firewall do not use any ressources from my desktop PC cause i got an old Pentium I 166 MHZ, 64 MB Ram 2 GB HD for some €uros and set up a Router/Firewall.

Then roessources needed by a desktop firewall aren't that much...
And it is not from interest if the trojan is known or unknown. A good configured firewall blocks ALL traffic. IN/OUT and the user can choose wether to allow or to deny programs to connect.
And when you allow a trojan to connect in and out then it's your fault!

[CornerPocket]

PSEXESVC.exe = WORM_DELODER.A
Alias: W32.HLLW.Deloder

Description:

This worm uses the valid utility, PSEXEC.EXE, to connect to remote machines. It attempts to log on to the machines as administrator using several passwords listed in its body. It connects via TCP port 445 and drops a copy of itself as Dvldr32.exe and a backdoor program as INST.EXE on accessible machines.

MANUAL REMOVAL INSTRUCTIONS -

STEP-1:
1. Open Windows Task Manager. Press CTRL+SHIFT+ESC, and click the Processes tab.
2. In the list of running programs, locate the process: Dvldr32.exe
3. Select the malware process, then press the End Process button.
4. To check if the malware process has been terminated, close Task Manager, and then open it again.
5. Close Task Manager.


STEP-2:
To remove the malware autostart entries:

1. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry or entries: messnger
4. Close Registry Editor.



Or you can just use Trend Micros Auto System Cleaner: Non-User version if not a user of Trend Micro AV -



Moving to software....................

[Paul_NFFC]

yea i had norton firewall 2003 and norton antivirus 2003 all up 2 date, downloaded beach life quite a few months ago scanned it was fine,opened it then it killed my security and messed my computer up bigtime and i installed mcafee and it found a virus

antivirus and firewalls only make things safer they dont mean your untouchable