crvss.exe - Dangerous
crvss.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
It is a Trojan horse program with backdoor capabilities that spreads to network shares and allows a remote attacker to gain unauthorized access to an infected computer.
Steals confidential information.
Attempts to access the network share folder $IPC.
If the network share folder is password-protected, the Trojan attempts to gain access using predefined user names and passwords.
Opens a backdoor by connecting to the IRC server newuslut.parited.net on TCP port 6564, and listening for commands from a remote attacker.
These commands may allow a remote attacker to perform some of the following actions:
- Perform a Denial of Service (DoS) attack against a target host
- Retrieve system information
- Connect to a URL
- Upload and download files
- Execute programs
- Log keystrokes
- Sniff network packets
- Conduct port scans against other computers
- Steal the Windows Product ID
- Steals CD keys for the different games
Manual removal:
Navigate to the keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Windows media service"="crvss.exe"