Important information regarding Serv-U

Serv-U - A Windows FTP Server
Serv-U is an FTP Server for the Microsoft Windows operating system. It is a tool used to make hosting and sharing files easier. As with most tools, it can be used for the proper purpose, or it can be misused. When a tool such as Serv-U is installed on a computer without the owner's consent or knowledge, it can be exploited to behave much like a trojan.
Serv-U, as it is distributed by RhinoSoft.com, has always contained uninstall options under both the Serv-U Program Group and the "Add/Remove Programs" area in the Control Panel. One symptom of a hacked install is that these uninstall options are removed. When building a trojan utility, the first thing the hacker does is create a new installer to eliminate the standard uninstall options and customize the filenames to obscure their existence.
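One way to check a Windows machine for the symptom described above, as an added example that is not RhinoSoft.com's own code: it looks at every process holding a listening TCP socket, keeps those whose version resource mentions Serv-U or RhinoSoft, and reports whether the standard uninstall entry and program group exist. It assumes the repackaged executable still carries its original version resource; the registry and Start Menu paths are the standard Windows locations.

```powershell
# Added example. Run from an elevated prompt on Windows 8 / Server 2012 or later
# (Get-NetTCPConnection is not available on older systems).
# Assumption: a repackaged, renamed executable may still carry "Serv-U" or
# "RhinoSoft" in its version resource; one with a stripped resource is missed.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# "Add/Remove Programs" entries whose display name mentions Serv-U
$entries = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Serv-U' })

# Start Menu program groups whose name mentions Serv-U
$startMenus = @("$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
                "$env:APPDATA\Microsoft\Windows\Start Menu\Programs")
$groups = @(Get-ChildItem -Path $startMenus -Directory -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match 'Serv-U' })

# Walk every process that owns a listening TCP socket
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Group-Object OwningProcess | ForEach-Object {
        $ports = ($_.Group.LocalPort | Sort-Object -Unique) -join ','
        $proc  = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
        if (-not $proc -or -not $proc.Path) { return }   # system or inaccessible process

        $v = (Get-Item -LiteralPath $proc.Path).VersionInfo
        $identity = "$($v.ProductName) $($v.CompanyName) $($v.FileDescription)"
        if ($identity -notmatch 'Serv-U|RhinoSoft') { return }

        $dir = Split-Path -Parent $proc.Path
        # True when an uninstall entry records an InstallLocation containing this binary
        $underInstallDir = [bool]($entries | Where-Object {
            $_.InstallLocation -and
            $dir.StartsWith($_.InstallLocation.TrimEnd('\'), [StringComparison]::OrdinalIgnoreCase)
        })

        [pscustomobject]@{
            ProcessId        = $proc.Id
            Path             = $proc.Path
            ListeningPorts   = $ports
            UninstallEntries = $entries.Count
            ProgramGroups    = $groups.Count
            UnderInstallDir  = $underInstallDir
            # The symptom from the text: Serv-U is running, but an uninstall option is gone
            MissingUninstall = ($entries.Count -eq 0 -or $groups.Count -eq 0)
        }
    }
```

A row with MissingUninstall set to True, or with a Path whose filename does not look like Serv-U, is worth a closer look; no output does not show the machine is clean.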
How Did Serv-U Get Installed?
Generally, hackers are able to exploit some security hole in Windows. After a hacker gains access to your computer, it is easy for the hacker to gain control of higher functions such as installing software. Serv-U cannot install itself on your computer. It must be installed by a user of the computer or through automated means such as another program or a script running on the target computer. Additional software the hacker installs makes it easier for them to access your computer at a future time.
Hackers routinely use a compromised computer for its resources. After a target's computer has FTP software on it, the hacker can use it to host his own personal files. Your hard drive and bandwidth are valuable resources to a hacker.
What Do I Do?
The first step to secure a compromised system is to patch the hole so it cannot be exploited again. Microsoft Windows is your operating system. It is also the largest and most complex piece of software running on your computer. Because of this, it is the most likely source of security vulnerabilities and needs to be kept up to date. Make sure all the latest updates and patches are applied to your computer.
Just having a patched operating system isn't always enough. Another good idea is to install a personal firewall. A good personal firewall should secure your computer from unauthorized access. For examples of firewall software, please see the references at the end of this article.
There are a number of online and downloadable utilities that can help clean your system of software installed with malicious intent. Some of these utilities are free while others must be purchased. The end of this article contains links to software that may assist you in the removal process. Please note that RhinoSoft.com does not endorse or support any of the software contained in these links.
If none of these tools are able to detect anything wrong with your computer, or if the problem remains, there is little that can be done to recover from the hack. Under these circumstances, the only way to restore control over your system is to back up your files and reformat the system. This is the one way to be sure your system security is restored. After the format is complete, make sure that all Windows updates are applied, add a personal firewall, and make sure to follow the safe computing tips.
General Information
This site has a large library of legitimate processes and known trojan processes. One of our customers recommended it as a good resource when his virus scanner could not help him clean an infected machine.
http://www.processlibrary.com/
http://www.claymania.com/safe-hex.html
One security analyst who investigated a machine hacked on his network (which contained a malicious Serv-U installation) documented his experience at:
http://www.securityfocus.com/archive/75/363349
Trojan/Rootkit Removal Instructions:
Knowledge Base Article 1467
Windows Updates
Firewalls
http://www.tinysoftware.com/
http://www.firewallguide.com/software.htm
Trojan Scanning Software
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.simplysup.com/
http://www.moosoft.com/products/cleaner/
http://www.sysinternals.com/







