Solved

Need Help Removing FTPSVR.EXE Trojan

Posted on 2004-08-31
5
238 Views
Last Modified: 2013-12-04
I have a machine that has the ftpsvr.exe trojan. I deleted the file off the hard drive and removed the registry entry from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that started up the program. However, when I rebooted the file came back and continues to hang up the machine. I cannot end the process in Task Manager . I restarted in Safe Mode and cannot find the file on the hard drive and the registry entry is still deleted yet the ftpsvr file still runs. I swapped out the machine so I know the problem is not profile related. We are using McAfee VirusScan 7.1.0 with the latest updates. Thanks for your help.
0
Comment
Question by:glehrer
  • 3
5 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11943814
Hello glehrer =)

Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 
LVL 29

Accepted Solution

by:
blue_zee earned 250 total points
ID: 11944604

Have you tried the manual method described by PestPatrol?

http://www.pestpatrol.com/pestinfo/f/ftppw_0_1.asp

Seems quite simple.

Zee
0
 

Author Comment

by:glehrer
ID: 11959336
I ran Spybot and BHODaemon on the machine and after that the computer was fine. I think points ought to go to blue_zee for finding a good solution even though it was not the one I actually used. Any problem with that?
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11961017

Glad you're out of trouble.

If you feel I helped in any way, assigning points is OK.

If not, you can ask for a refund posting a 0 points question here:

http://www.experts-exchange.com/Community_Support/

Including a link to this question.

Thanks.

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 11973535

Thank you.

Zee
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question