Backdoor.OptixPro.13

David

One of my servers has been infected with this Trojan and I
am having a tough time completely removing it from the
system. My virus defs are current, I have scanned for and
deleted all instances of the worm. Registry settings are
all ok.

The problem is that there is a key in the registry called:
Legacy_serv-u

I am unable to delete this key and Serv-U (ftp) tries to
load every time I reboot.

Any Suggestions?

David
 
Oli Restorick [MVP]

I know nothing of that particular trojan, but you should probably flatten
the server (if not the domain) and rebuild it. How do you know that nobody
has used the backdoor to gain access to your network? How do you know once
you've removed the trojan that there are no more trojans or backdoors
installed? Do you know who all your administrators are anymore? Are you
sure that your "temp" accounts don't have more rights than they should?
 
Cory Brown

Absolutely right,

Although you may want to recover important data. I have some
experience removing the Serv-U FTP. One way is to kill the process and then
do a search for ftp; you should be able to find the folder or folders it is
installed in. Look around those folders, because someone probably copied
illegal programs and stuff to those folders. I would just delete it all and
then reboot your machine and make sure to get it up to date and then run the
security scanner to see if you are up to date before you bring it back online.

If you have any questions, feel free to email me; just remove the nospam!
 
