Serv-U

Recently one of the users on my network had Serv-U installed via a "hacker or virus". Well I went to the Serv-U site and followed their directions on how to get rid of this program and it didnt work. The program doesnt show up in the programs list nor does it show up in the Add/Remove Programs list. I did a search on the system for Serv-U and came up with nothing. I also did a search for files containing text Serv-U and came up with 2 files which I promply deleted. The trouble is that they are back again. If anyone has any ideas about this I would appreciate the input.

 

Log in or Sign up to hide all adverts.

One entry I found that might be of use is:
http://www.derkeiler.com/Newsgroups/microsoft.public.security/2002-12/9665.html

I guess your running a windows network, a tool that might (or might not) be of use is Startup CPL from www.mlin.net

The program allows most of the things that startup at boot to be configured, it can catch some trojans, although you would probably need to rn something that checks all open processes in the background.

My guess is that "Serv-U" was used to load a Different Trojan, since a user would have realised the flaws of Serv-U and would potentially have exploited them.

(It's also a pity you couldn't search for the DATE of the infect)

This will mean your going to have to run a trojan scanner like the one found at www.moosoft.com, Make sure you take a registery backup if you alter anything.

To help you in the future, clean your registery of anything that shouldn't be there and make a backup that you can roll back to.

Also if your network is being used by multiple different people, think about different types of Event Logging so you can map their moves and find viral infections.

 

Log in or Sign up to hide all adverts.