Solved

Need Help Removing FTPSVR.EXE Trojan

Posted on 2004-08-31
5
227 Views
Last Modified: 2013-12-04
I have a machine that has the ftpsvr.exe trojan. I deleted the file off the hard drive and removed the registry entry from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that started up the program. However, when I rebooted the file came back and continues to hang up the machine. I cannot end the process in Task Manager . I restarted in Safe Mode and cannot find the file on the hard drive and the registry entry is still deleted yet the ftpsvr file still runs. I swapped out the machine so I know the problem is not profile related. We are using McAfee VirusScan 7.1.0 with the latest updates. Thanks for your help.
0
Comment
Question by:glehrer
  • 3
5 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11943814
Hello glehrer =)

Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 
LVL 29

Accepted Solution

by:
blue_zee earned 250 total points
ID: 11944604

Have you tried the manual method described by PestPatrol?

http://www.pestpatrol.com/pestinfo/f/ftppw_0_1.asp

Seems quite simple.

Zee
0
 

Author Comment

by:glehrer
ID: 11959336
I ran Spybot and BHODaemon on the machine and after that the computer was fine. I think points ought to go to blue_zee for finding a good solution even though it was not the one I actually used. Any problem with that?
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11961017

Glad you're out of trouble.

If you feel I helped in any way, assigning points is OK.

If not, you can ask for a refund posting a 0 points question here:

http://www.experts-exchange.com/Community_Support/

Including a link to this question.

Thanks.

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11973535

Thank you.

Zee
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question