Troj/ServU - How does it work/How to prevent it? (Removal known)

[Guest Brock Hensley]

Hello,

 

I have been trying to research this "Serv-U" Virus, with the following

aliases, to figure out how it infects servers and how to prevent it. We have

a solution on how to remove the virus, we just need to know how it infects

servers and how to prevent it.

 

We consistantly see the infection only repeat on Virtual Servers with

Windows Server 2003 Web Edition.

 

not-a-virus:Server-FTP.Win32.Serv-U.5000 (Kaspersky Lab) is also known as:

 

not-a-virus:RiskWare.FTP.Serv-U.5000 (Kaspersky Lab)

Hacktool (Symantec)

BackDoor.Servu.5000 (Doctor Web)

Troj/ServU-Gen (Sophos)

BDS/ServU.ba.1 (H+BEDV)

Win32:Trojano-356 (ALWIL)

Trojan.ServU.G (SOFTWIN)

Trojan.Servu.1 (ClamAV)

Bck/ServU.BB (Panda)

 

Does anyone have any helpful information on this virus?

 

Thanks,

-B

[Guest David H. Lipman]

From: "Brock Hensley" <brock.hensley@serverintellect.com>

 

| Hello,

 

| I have been trying to research this "Serv-U" Virus, with the following

| aliases, to figure out how it infects servers and how to prevent it. We have

| a solution on how to remove the virus, we just need to know how it infects

| servers and how to prevent it.

 

| We consistantly see the infection only repeat on Virtual Servers with

| Windows Server 2003 Web Edition.

 

| not-a-virus:Server-FTP.Win32.Serv-U.5000 (Kaspersky Lab) is also known as:

 

| not-a-virus:RiskWare.FTP.Serv-U.5000 (Kaspersky Lab)

| Hacktool (Symantec)

| BackDoor.Servu.5000 (Doctor Web)

| Troj/ServU-Gen (Sophos)

| BDS/ServU.ba.1 (H+BEDV)

Win32::Trojano-356 (ALWIL)

| Trojan.ServU.G (SOFTWIN)

| Trojan.Servu.1 (ClamAV)

| Bck/ServU.BB (Panda)

 

| Does anyone have any helpful information on this virus?

 

| Thanks,

| -B

 

 

It is NOT a virus.

 

It is a backdoor trojan. Even Kaspersky calls this "not-a-virus:RiskWare.FTP.Serv-U.5000"

 

Sombody now has a "backdoor" to the PC this trojan is installed on.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest FromTheRafters]

"Brock Hensley" <brock.hensley@serverintellect.com> wrote in message

news:2C6C5232-9773-4688-A4EF-C1A37C64AFC3@microsoft.com...<span style="color:blue">

> Hello,

>

> I have been trying to research this "Serv-U" Virus,</span>

 

It is not a virus.

<span style="color:blue">

> with the following aliases, to figure out how it infects servers and

> how to prevent it. We have a solution on how to remove the virus,</span>

 

Still not a virus.

<span style="color:blue">

> we just need to know how it infects servers and how to prevent it.

>

> We consistantly see the infection only repeat on Virtual Servers with

> Windows Server 2003 Web Edition.

>

> not-a-virus:Server-FTP.Win32.Serv-U.5000 (Kaspersky Lab) is also known

> as:

>

> not-a-virus:RiskWare.FTP.Serv-U.5000 (Kaspersky Lab)

> Hacktool (Symantec)</span>

 

Nice that some malware detectors know a 'not-a-virus' when they see one

and actually state the fact. So many just add to the confusion.

<span style="color:blue">

> BackDoor.Servu.5000 (Doctor Web)

> Troj/ServU-Gen (Sophos)

> BDS/ServU.ba.1 (H+BEDV)

> Win32:Trojano-356 (ALWIL)

> Trojan.ServU.G (SOFTWIN)

> Trojan.Servu.1 (ClamAV)

> Bck/ServU.BB (Panda)

>

> Does anyone have any helpful information on this virus?</span>

 

http://www.serv-u.com/suvirushack.asp