Solved

Need Help Removing FTPSVR.EXE Trojan

Posted on 2004-08-31
5
250 Views
Last Modified: 2013-12-04
I have a machine that has the ftpsvr.exe trojan. I deleted the file off the hard drive and removed the registry entry from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that started up the program. However, when I rebooted the file came back and continues to hang up the machine. I cannot end the process in Task Manager . I restarted in Safe Mode and cannot find the file on the hard drive and the registry entry is still deleted yet the ftpsvr file still runs. I swapped out the machine so I know the problem is not profile related. We are using McAfee VirusScan 7.1.0 with the latest updates. Thanks for your help.
0
Comment
Question by:glehrer
  • 3
5 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11943814
Hello glehrer =)

Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 
LVL 29

Accepted Solution

by:
blue_zee earned 250 total points
ID: 11944604

Have you tried the manual method described by PestPatrol?

http://www.pestpatrol.com/pestinfo/f/ftppw_0_1.asp

Seems quite simple.

Zee
0
 

Author Comment

by:glehrer
ID: 11959336
I ran Spybot and BHODaemon on the machine and after that the computer was fine. I think points ought to go to blue_zee for finding a good solution even though it was not the one I actually used. Any problem with that?
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11961017

Glad you're out of trouble.

If you feel I helped in any way, assigning points is OK.

If not, you can ask for a refund posting a 0 points question here:

http://www.experts-exchange.com/Community_Support/

Including a link to this question.

Thanks.

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11973535

Thank you.

Zee
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question