Solved

Need Help Removing FTPSVR.EXE Trojan

Posted on 2004-08-31
5
261 Views
Last Modified: 2013-12-04
I have a machine that has the ftpsvr.exe trojan. I deleted the file off the hard drive and removed the registry entry from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that started up the program. However, when I rebooted the file came back and continues to hang up the machine. I cannot end the process in Task Manager . I restarted in Safe Mode and cannot find the file on the hard drive and the registry entry is still deleted yet the ftpsvr file still runs. I swapped out the machine so I know the problem is not profile related. We are using McAfee VirusScan 7.1.0 with the latest updates. Thanks for your help.
0
Comment
Question by:glehrer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11943814
Hello glehrer =)

Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 
LVL 29

Accepted Solution

by:
blue_zee earned 250 total points
ID: 11944604

Have you tried the manual method described by PestPatrol?

http://www.pestpatrol.com/pestinfo/f/ftppw_0_1.asp

Seems quite simple.

Zee
0
 

Author Comment

by:glehrer
ID: 11959336
I ran Spybot and BHODaemon on the machine and after that the computer was fine. I think points ought to go to blue_zee for finding a good solution even though it was not the one I actually used. Any problem with that?
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11961017

Glad you're out of trouble.

If you feel I helped in any way, assigning points is OK.

If not, you can ask for a refund posting a 0 points question here:

http://www.experts-exchange.com/Community_Support/

Including a link to this question.

Thanks.

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11973535

Thank you.

Zee
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question