Serv-u

[Sencha]

Has anybody seen this threat yet?

FTP Attack Trojan

seems to be located in C:\Windows\system32\serv-u.ini

MS Anti-spy removes this file every other day. Is this a
false positive or is MS Anti-spy not doing the job it
says it is?

Thkx

 

[Bill Sanderson]

Serv-u is a very popular FTP server, as I understand it, and, if installed
without your knowledge and open through the firewall is a severe risk.

Whether just the ini file alone is a risk is another question--and I don't
know enough about the possibilities to know whether that ini file might have
another, more innocent, reason for being there.

 

[Sencha]

Thanks Bill, Well anti-spy wants to remove it everyday and
I am not sure what program, if any, is reloading it.

 

[Bill Sanderson]

I would recommend strongly investigating further.

You might want to run a HijackThis log and get it analyzed by Ron Kinner, or
in a forum. You might also want to download F-secures Blacklight root-kit
detection beta product, and run it to see if anything is being better hidden
than that INI file.

 

[Tom Emmelot]

Sencha schreef:

Has anybody seen this threat yet?

FTP Attack Trojan

seems to be located in C:\Windows\system32\serv-u.ini

MS Anti-spy removes this file every other day. Is this a
false positive or is MS Anti-spy not doing the job it
says it is?

Thkx

Hello Sencha,

try housecall from Trend.

See also this, so you have to now the with won it is.

http://nl.trendmicro-europe.com/ent...?keyword=serv-u&x=12&y=7&LYstr=VESEARCHRESULT

with regards >*< TOM >*<

 

[Guest]

i get this message to has anyone figured out how to get rid of this ftp
attack trojan because i haven't yet either.