Microsoft Antispyware and FTP Attack Trojan

Lizzie

This antispyware seems to do a really good job of finding and removing
spyware. I use it along with Adaware and Spybot and my computer is always
adware free........ except -- the Microsoft program always finds "FTP Attack
Trojan" (the file it refers to is c:\windows\system32\serv-u.ini). The
program removes it, but it is always there when I next scan, unless I scan
again right away. Adaware and Spybot don't ever find this and a virus scan
doesn't find anything.

I've searched Google but don't quite understand what I'm finding. Any help,
as always, is appreciated.

Thanks,

Liz
 
Daniel Crichton

Lizzie wrote on Fri, 11 Mar 2005 05:04:21 -0600:
This antispyware seems to do a really good job of finding and removing
spyware. I use it along with Adaware and Spybot and my computer is always
adware free........ except -- the Microsoft program always finds "FTP
Attack Trojan" (the file it refers to is c:\windows\system32\serv-u.ini).
The program removes it, but it is always there when I next scan, unless I
scan again right away. Adaware and Spybot don't ever find this and a
virus scan doesn't find anything.

I've searched Google but don't quite understand what I'm finding. Any
help, as always, is appreciated.

Serv-U is an FTP server application. However, there is a trojan that
pretends to be the Serv-U installer, and it's possible that is what you
have, see http://securityresponse.symantec.com/avcenter/venc/data/trojan.ring0.b.html
for more details.

I run Serv-U on a couple of servers where I work, and none of them have a
serv-u.ini file. The ini files they do use are in the Program Files\Serv-U
dir. As MS is picking this up as a possible trojan, it's either treating the
presence of the ini file as a sign of infection (and this might be false if
you have an older version of Serv-U running on your machine as it appears it
used to place an ini file in that location), or it's reading the content of
the ini file and finding signs of the trojan.

If you don't know what Serv-U is, and you didn't install it on your machine,
then it sounds likely you're infected, possibly with the above mentioned
trojan.

Dan
 
Lizzie

Thank you, Dan,

Since I didn't know what Serv-U was, I followed the steps in the link you
provided. Thanks. It looks like it just might be gone.

Gratefully, Liz
 
