anyone seen this virus berore??

[pollux0]

We keep getting a virus that loads over 6 GB worth of crap onto our AD server. It is copied into the
inetpub-->mailroot-->Drop file. It creats a .exe file called "server-U" which seems to be a way to create a user name for unathorized FTP use. It also loads movies (.mpeg) into the file. Each movie is over 10 MB each.

It looks like it might also have created a "service" under computer management. there is a service with no name, its blank! It seems to automaticaly open a file called srsmain.exe

Anyone have any suggestions??

 

[jamey]

Make sure that you have not allowed anonymous access on your FTP server if you are running IIS. It is usually enabled by default. If this is the case, it is probably not a virus, but someone using your ftp server to serve warez.

 

[AlexIT]

From thread 621-222115 in NT Workstation forum: The ServeU is an FTP server program. Also check for ncx99.exe and tftp.exe used in the same hack. Jamey had this right, someone is serving MPEGS from your computer.

Alex

 

[Evilbart]

http://www.tlsecurity.net/trojansarchive/servu.htm

a little more info on this on the above page....
found this on google.....

Bart