Re: PYCTYSSKE service ??



There is no need to wipe and reinstall as this is expected behavior when one runs RootKit Revealer:
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

We've therefore updated RootkitRevealer to execute its scan from a randomly named copy of
itself that runs as a Windows service.

The location of the executable and the log is correct, too. To remove the Service you will have to edit the registry. PYCTYSSKE will be located here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Delete its subfolder under Services and reboot the system.

MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



cachetray wrote:

This service was running on Windows XP Professional. I was shocked when I noticed it in the Computer Management mmc snap-in. The executable was found in C:\Documents and Settings\LOCALS~\Temp.. The application that I found was Root Kit Revealer from Sysinternals renamed as PYCTYSSKE.exe. The CA certificate showed that the object did not have a valid digital signature. Valid from 4-4-06 to 10-4-07
! Key Usage Digital Signature non-Repudiation (c0)
! Basic Constraints Subject type =CA, PathLength.....
I use an account that belongs to the users group and very rarely log on as Administrator. The application was installed on an account with Administrator rights. I found a log file that it made in the Temp folder as well. Google fails to query a result and I am without an explanation. Any clue??
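
An added example, not part of either post and not Sysinternals code: a PowerShell check that lists every entry under the Services key named in the reply whose executable sits in a Temp directory, with its Authenticode status, so a randomly named service like the one described can be identified before its subkey is deleted. It assumes PowerShell 2.0 or later and an elevated prompt; the `\Temp\` match and the output column names are choices made for this illustration.

```powershell
# Added example: find services whose binary runs out of a Temp directory.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$findings = foreach ($key in Get-ChildItem -Path $servicesKey) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.ImagePath) { continue }

    # ImagePath can be quoted, carry arguments, or start with the \??\ prefix.
    $raw = [Environment]::ExpandEnvironmentVariables($props.ImagePath)
    $raw = $raw -replace '^\\\?\?\\', ''
    if ($raw -match '^"?(?<path>.+?\.exe)') { $exe = $Matches['path'] } else { continue }

    # Only report executables stored under a Temp directory (illustrative filter).
    if ($exe -notmatch '\\Temp\\') { continue }

    # Record the signature status, or note that the file is already gone.
    if (Test-Path -LiteralPath $exe) {
        $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
    } else {
        $sig = 'FileMissing'
    }

    New-Object PSObject -Property @{
        Service   = $key.PSChildName
        Start     = $props.Start      # 2 = automatic, 3 = manual, 4 = disabled
        Signature = $sig
        ImagePath = $exe
    }
}

$findings | Format-Table Service, Start, Signature, ImagePath -AutoSize

# After confirming an entry is the leftover scanner service, remove its
# subkey (placeholder name below) and reboot, as the reply describes:
# Remove-Item -Path "$servicesKey\<ServiceName>" -Recurse
```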
