
Please help, Serv-u FTP was installed on my machine and I do not know


softdrink (Programmer, Jul 26, 2001, CA)
Serv-U FTP was installed on my machine...how do I remove it... I'm not sure if someone accessed my machine or if it was installed on its own. I can't remove it. I went to the maker's site, got the name of the file and can't find it anywhere on my computer to delete it.

Does anybody know anything about this Serv-U FTP program?

softdrink
 
I use it. Are you sure it's actually installed and running? Where are you seeing this app? If it's in add/remove programs and you get an error when you try and uninstall it, chances are it's been deleted rather than uninstalled.

Here are a few things to look at to see if it's there and/or running. I will try and be detailed (like I'm talking to someone who isn't comp lit.)

First, to check if it's running:
Open a command prompt and type "nbtstat -an" without the quotes. This will show what ports are listening. If you see port 21, you're running an FTP server.
Example: TCP 0.0.0.0:21 0.0.0.0:0 LISTENING

Check if it is installed:
First, to make sure you can see all your files... double click "My computer" . Pull down the "Tools" menu and choose "Folder options". Choose the "View" tab from the dialog window that opens. Choose the "Show hidden files and folders" and uncheck "Hide protected operating system files". Click OK.
This lets you see hidden files and folders and system files.

Do a search on your drives for "*serv*.exe" or "*serv.*" without the quotes. I use a slightly older version of serv-u so the exe may have a different name but I am sure that something in the dir has "serv" in it! You may find files that are not serv-u related so using common sense decisions on what files are what is best.

Serv-u isn't a stealthy type of application so it shouldn't be hard to find.

Finally, if all else fails, open regedit (start, run, regedit) and do a search (F3) through the registry for the same thing.

Good luck.
A
 
Thanks for the reply

OK, I did all that. nbtstat -an did not return the line that you have shown and gave me "netbios local name table". I did the search for the serv files you recommended, but no show. I do not have the folder for serv-u. It's not in add/remove. I found one file, serv-u.ini, and that's it. I did not install the program but can see it in the taskbar HIDDEN, that means there should be an icon cause there is a space between other icons. When I click in the empty space I get serv-u FTP.

I only noticed it cause my taskbar menu was stretched and there was a dead space between two icons.

Any other ideas?

softdrink
 
Can anybody help me with this?????

Softdrink
 
This happened to me once when I was playing around with an ftp site on my "toy" Win2K Server at home - I inadvertently left anonymous access and write permissions enabled, and two days later I was the proud owner of 15GB of French language DVD Rips.

I discovered it the same way you did - a blank icon on my system tray. Apparently, there is a hack out there that sets the system tray icon to a blank (or gray) bitmap, so that it's less obvious.

Sounds to me like you have been hacked, and are probably hosting some sort of 'warez' ftp site. Unfortunately, I can't tell you what they might have renamed the Serv-U executable to, but if you bring up Task Manager, it's only a minor pain to search your system for each process listed in the Process tab - If it's running on your system, it's in the process list.

I just looked at the Serv-U website, and notice that the tray icon can be disabled. There are also a couple of suggestions for stopping the program. On NT/2K/XP, first look in your Services Applet to see if there is one for Serv-U. If there is, open the service and set the startup option to Never. Now stop the service.

If there is no service listed, go to a command line and type ServUDaemon.exe /s. That should force the server to stop. Now you will need to investigate your Startup menu and the Run and Load keys in your registry and remove the startup instruction.

If you are sure it is running, but you can't get it stopped, you might want to download & install ZoneAlarm temporarily. ZoneAlarm will block network traffic in both directions to any application that you haven't given permission to. It will prompt you the first time each app tries to access the network....That should keep the "guests" out until you can kill the server.

If what I describe above has happened, you will want to make a very careful search of your system to see if someone has dumped a bunch of files on you. In my case, they built a huge directory structure below my i386 folder:
\i386\Lang\JPN\....
The thing to watch out for is that they tend to use folder names which are illegal for Windows - COM1, LPT1, etc. If this has happened, let me know and I'll point you to some tips that will help.

Good luck, and sorry for the long discourse....

Allen
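The reserved-name folders mentioned in the post above can be picked out of a directory listing mechanically. The following is an added example, not part of the original thread: it assumes a listing of full paths, one per line (for instance saved from `dir /s /b /a`), and the sample paths are constructed for illustration.

```python
import re

# Win32 reserved device names. A component is still reserved when it carries
# an extension ("NUL.txt"), and Win32 strips trailing dots and spaces.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}

def reserved_device(component):
    """Return the device name a path component collides with, else None."""
    stem = component.rstrip(". ").split(".", 1)[0].upper()
    return stem if stem in RESERVED else None

def flag_paths(listing):
    """Return (path, component, device) for every path with a reserved name."""
    hits = []
    for path in filter(None, (line.strip() for line in listing.splitlines())):
        for component in re.split(r"[\\/]+", path):
            device = reserved_device(component)
            if device:
                hits.append((path, component, device))
                break  # one hit per path is enough for triage
    return hits

# Constructed sample listing (not taken from the thread).
SAMPLE_LISTING = r"""
C:\i386\Lang\JPN\readme.txt
C:\i386\Lang\JPN\com1\disc1\movie.r01
C:\i386\Lang\JPN\tagged\lpt1.\movie.r02
D:\projects\console\notes.txt
D:\projects\aux.bak
"""

if __name__ == "__main__":
    for path, component, device in flag_paths(SAMPLE_LISTING):
        print(f"{device:5} {component!r:10} {path}")
```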
 
I recently helped someone remove a virus called Backdoor.servu from their computer.

When Win2K is up and running, hit CTRL+ALT+DEL and click Task Manager, Processes Tab.

Look through the list for firedaemon.exe. If it's there, you are running a Servu-FTP program that came to you from a Trojan horse virus. The Firedaemon program is a legitimate program being used for illegitimate purposes. You can go to for more information.

To remove it, I did a search for firedaemon.exe on the computer. The folder it was in had numerous "suspicious" files. I rebooted into safe mode command prompt, then through DOS, moved the entire folder to another location (say c:\temp). On the next normal boot, the registry is unable to locate firedaemon.exe. It, and the servu programs, do not load. If your system works fine, you can delete the entire folder that you moved.

I was unable to completely remove the servu virus as I chose not to screw with the registry, but this procedure did stop it from running.

In the future, run a firewall program (ZoneAlarm is great) and an antivirus program (AVG6 by is free). Also, I believe you were infected because you are not running with ServicePack3 on your Win2K system. So install SP3!
 
For clarification:

I apologize, the command was netstat -an and not nbtstat -an....
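The listening-port check discussed in this thread can be run over saved `netstat` output. The following is an added example, not part of the original thread: it groups listening TCP ports by owning process and lists the remote peers connected to them. It assumes a Windows version whose `netstat` accepts `-o` (PID column); with plain `netstat -an` output the PID is `None`. The sample output is constructed.

```python
from collections import defaultdict

def parse_netstat(text):
    """Parse `netstat -an` / `netstat -ano` rows into dicts."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # headers, blank lines
        tcp = f[0] == "TCP"
        if tcp and len(f) < 4:
            continue  # malformed TCP row without a state
        rest = f[4:] if tcp else f[3:]  # UDP rows have no state column
        rows.append({
            "proto": f[0],
            "port": int(f[1].rsplit(":", 1)[1]),  # also handles [::]:21
            "remote": f[2],
            "state": f[3] if tcp else "",
            "pid": int(rest[0]) if rest and rest[0].isdigit() else None,
        })
    return rows

def listeners_by_pid(text):
    """Map PID -> listening TCP ports and the peers connected to them."""
    rows = parse_netstat(text)
    out = defaultdict(lambda: {"ports": set(), "clients": set()})
    for r in rows:
        if r["state"] == "LISTENING":
            out[r["pid"]]["ports"].add(r["port"])
    for r in rows:
        pid = r["pid"]
        if r["state"] == "ESTABLISHED" and pid in out and r["port"] in out[pid]["ports"]:
            out[pid]["clients"].add(r["remote"])
    return {pid: {k: sorted(v) for k, v in d.items()} for pid, d in out.items()}

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    [::]:21                [::]:0                 LISTENING       1234
  TCP    192.168.1.5:21         203.0.113.7:4021       ESTABLISHED     1234
  TCP    192.168.1.5:1055       198.51.100.9:80        ESTABLISHED     2000
  UDP    0.0.0.0:500            *:*                                    700
"""

if __name__ == "__main__":
    for pid, info in listeners_by_pid(SAMPLE_NETSTAT).items():
        print(pid, info["ports"], info["clients"])
```

The PIDs it reports can then be matched against the PID column in Task Manager's Processes tab.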
 
Thanks for the response.
I did all that you have suggested and found nothing that would suggest that the server is running. I have disabled it from taskbar for now. There are no files on my computer that have been dumped simply because my 30 GB HD is full and I have all my files. I wanted to reformat my drive for a long time now but was too lazy to reinstall. I guess it would be a good time to do it now.

thanks again,

softdrink
 