Hallo Leute, ich wollte mal das Programm "Serv-U Fileserver" ausprobieren.
Auf chip.de und serv-u.info habe ich es mir geladen und bei der Installation meldet mein Virenscanner "Antivir" Alarm bei der Datei "ServUDaemon.exe"
In der Option "Gefahrenkategorien" von Antivir habe ich den Hacken bei "Anwendungen" raus genommen, die besagt, "Bei der Bezeichnung Anwendungen handelt es sich um eine Applikation, deren Nutzung mit einem Risiko verbunden sein kann oder die von fragwürdiger Herkunft ist." und dann kam keine Meldung mehr.

Was meint ihr zu dem Programm, ist das ein Virus oder nur ein Fehlalarm weil es sich hierbei um ein Server handelt?


VirusTotal mein dazu

Code: Alles auswählenAufklappen

ATTFilter

File name: 		ServUDaemon.exe
Submission date: 	2011-01-19 12:42:53 (UTC)
Current status:		finished
Result:			11/ 43 (25.6%)

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2011.01.18.00	2011.01.17	-
AntiVir		7.11.1.178	2011.01.19	APPL/Serv-U.Gen
Antiy-AVL	2.0.3.7		2011.01.18	-
Avast		4.8.1351.0	2011.01.19	-
Avast5		5.0.677.0	2011.01.19	-
AVG		10.0.0.1190	2011.01.19	ServU.BWC
BitDefender	7.2		2011.01.19	-
CAT-QuickHeal	11.00		2011.01.19	-
ClamAV	0.96.4.0		2011.01.19	-
Commtouch	5.2.11.5	2011.01.19	W32/Renamed_ServU.gen!Eldorado
Comodo			7442	2011.01.19	UnclassifiedMalware
DrWeb		5.0.2.03300	2011.01.19	BACKDOOR.Trojan
Emsisoft	5.1.0.1		2011.01.19	-
eSafe		7.0.17.0	2011.01.18	Win32.APPLServ.U
eTrust-Vet	36.1.8108	2011.01.19	-
F-Prot		4.6.2.117	2011.01.18	W32/Renamed_ServU.gen!Eldorado
F-Secure	9.0.16160.0	2011.01.19	-
Fortinet	4.2.254.0	2011.01.16	-
GData			21	2011.01.19	-
Ikarus		T3.1.1.97.0	2011.01.19	-
Jiangmin	13.0.900	2011.01.19	-
K7AntiVirus	9.77.3570	2011.01.18	-
Kaspersky	7.0.0.125	2011.01.19	-
McAfee		5.400.0.1158	2011.01.19	-
McAfee-GW-Edition	2010.1C	2011.01.19	-
Microsoft		1.6402	2011.01.19	-
NOD32			5799	2011.01.19	probably a variant of Win32/ServU-Daemon
Norman			6.06.12	2011.01.18	-
nProtect	2011-01-18.01	2011.01.18	-
Panda		10.0.2.7	2011.01.18	-
PCTools			7.0.3.5	2011.01.19	-
Prevx			3.0	2011.01.19	-
Rising		22.83.02.00	2011.01.19	-
Sophos			4.61.0	2011.01.19	Serv-U
SUPERAntiSpyware4.40.0.1006	2011.01.19	-
Symantec	20101.3.0.103	2011.01.19	WS.Reputation.1
TheHacker	6.7.0.1.116	2011.01.18	-
TrendMicro	9.120.0.1004	2011.01.19	-
TrendMicro-HouseCall9.120.0.10042011.01.19	-
VBA32		3.12.14.2	2011.01.18	-
VIPRE			8123	2011.01.19	Trojan.Win32.Generic!BT
ViRobot		2011.1.19.4263	2011.01.19	-
VirusBuster	13.6.153.0	2011.01.19	-



Additional information
Show all
MD5   : ad20422086988b42f3759d1be61aa132
SHA1  : 23bcb04e529d11674303f7ad2b9b36b5dae88561
SHA256: 86cd36e0debff10122a880e24375b64367c762ef5ef3002f8c1ec98d061f1ac6
         

Show all

Code: Alles auswählenAufklappen

ATTFilter

Additional information
Show all
MD5   : ad20422086988b42f3759d1be61aa132
SHA1  : 23bcb04e529d11674303f7ad2b9b36b5dae88561
SHA256: 86cd36e0debff10122a880e24375b64367c762ef5ef3002f8c1ec98d061f1ac6
ssdeep: 24576:qfarwUB29BYFFhBqbHarMbZJLnJVS1WygG:vc99BYFfyHaobZJLnJU1We
File size : 823296 bytes
First seen: 2010-07-01 03:04:28
Last seen : 2011-01-19 12:42:53
TrID:
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Rhino Software, Inc. _1(262) 560-9627
copyright....: Copyright (c) 1995-2010 - Rhino Software, Inc.
product......: Serv-U FTP Server
description..: Serv-U FTP Server
original name: ServUDaemon.exe
internal name: ServUDaemon
file version.: 6, 4, 0, 8
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x9889C
timedatestamp....: 0x4C0F889F (Wed Jun 09 12:27:11 2010)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xA19DF, 0xA1A00, 6.54, 3d50bbea9a936237b7b1f94ef98f6c6a
.rdata, 0xA3000, 0x142AE, 0x14400, 5.18, baced6794d0f0d9deb73595da47f2723
.data, 0xB8000, 0x869C, 0x4000, 4.97, afc3a815ff7df99cebfb70df3073e796
.rsrc, 0xC1000, 0xEC5C, 0xEE00, 4.54, 9cb5acd6b94d0d50f152d1b2c6d7041b

[[ 12 import(s) ]]
VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
WINMM.dll: timeBeginPeriod, timeGetTime, timeGetDevCaps, timeSetEvent, timeKillEvent, timeEndPeriod
zlib1.dll: inflateInit_, deflateInit_, deflate, inflate, deflateEnd, inflateEnd
RhinoNET.dll: _Tickle@CUPnPNetwork@@QAEXXZ, _ParentDepth@CUPnPObject@@QAEHXZ, __0CUPnPNetwork@@QAE@P6GXPAXIPAVCUPnPObject@@@Z0@Z, __1CUPnPNetwork@@UAE@XZ, _IsPrivateIP@@YAHPBD@Z, _GetPortMaps@CUPnPDevice@@QAE_NPAXAAV_$vector@PAVCUPnPPortMap@@V_$allocator@PAVCUPnPPortMap@@@std@@@std@@@Z, _DeletePortMap@CUPnPDevice@@QAE_NPAXIPBD@Z, _ReleasePortMaps@CUPnPDevice@@SAXAAV_$vector@PAVCUPnPPortMap@@V_$allocator@PAVCUPnPPortMap@@@std@@@std@@@Z, _GetStartEndPorts@CUPnPDevice@@QBEXAAI0@Z, _DeletePortMaps@CUPnPDevice@@QAE_NPAX@Z, _AddPortMap@CUPnPDevice@@QAE_NPAXIPBD1@Z, _AddPortMaps@CUPnPDevice@@QAE_NPAXIIPBD1@Z, _GetUPnPDevice@CUPnPNetwork@@QBEPAVCUPnPDevice@@PBD@Z, _GetNATEnabled@CUPnPDevice@@QAE_NPAXAA_N@Z, _ReleaseUPnPDevice@CUPnPNetwork@@QAEXPAVCUPnPDevice@@@Z, _Rediscover@CUPnPNetwork@@QAEXXZ, _GetPortMappingDescription@CUPnPPortMap@@QBEPBDXZ, _GetInternalClient@CUPnPPortMap@@QBEPBDXZ, _ExternalPort@CUPnPPortMap@@QBEIXZ, _GetUSN@CUPnPDevice@@QBEABV_$CStdStr@D@@XZ, _GetIpAddr@CUPnPDevice@@QBEABV_$CStdStr@D@@XZ, _NumPortMaps@CUPnPDevice@@QBEIXZ, _GetExternalIPAddress@CUPnPDevice@@QAE_NPAX@Z
KERNEL32.dll: QueryPerformanceCounter, GetCurrentThreadId, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW, HeapSetInformation, InterlockedCompareExchange, InterlockedExchange, DecodePointer, IsProcessorFeaturePresent, TerminateProcess, EncodePointer, ReleaseSemaphore, CreateSemaphoreA, FindFirstFileA, FindNextFileA, FindClose, CreateDirectoryA, CreateEventA, InitializeCriticalSection, CloseHandle, EnterCriticalSection, FindFirstChangeNotificationA, PulseEvent, LeaveCriticalSection, Sleep, DeleteCriticalSection, FindCloseChangeNotification, WaitForMultipleObjects, GetModuleFileNameA, HeapFree, GetProcessHeap, GetCurrentThread, GetLastError, GetCurrentProcess, HeapAlloc, GetPrivateProfileStringA, LoadLibraryA, GetProcAddress, FreeLibrary, GetTimeZoneInformation, GetFileAttributesA, WriteFile, ReadFile, CreateFileA, SetFilePointer, SetEndOfFile, SetFileAttributesA, WinExec, MoveFileA, MoveFileExA, SystemTimeToFileTime, GetSystemTimeAsFileTime, CompareFileTime, SetFileTime, GetFileTime, FileTimeToSystemTime, GetCurrentDirectoryA, SetCurrentDirectoryA, GetModuleHandleA, FindResourceA, SizeofResource, GetProfileStringA, WriteProfileStringA, WaitForSingleObject, WritePrivateProfileStringA, GlobalMemoryStatus, OpenProcess, GetCurrentProcessId, HeapCompact, SetProcessWorkingSetSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, CreateMailslotA, GetComputerNameA, GetTickCount, MultiByteToWideChar, WideCharToMultiByte, GetMailslotInfo, GetSystemDirectoryA, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, OpenEventA, SetEvent, GetVersionExA, TerminateThread, SetErrorMode, ResetEvent, SetThreadPriority, GetExitCodeThread, GetDateFormatA, GetTimeFormatA, lstrlenA, GetDiskFreeSpaceA
USER32.dll: LoadStringA, PostMessageA, IsWindow, MessageBeep, PostQuitMessage, LoadImageA, LoadCursorA, GetSysColorBrush, RegisterClassA, DefWindowProcA, UnregisterClassA, CharUpperA, CharLowerA, CharPrevA, CharNextA, TranslateMessage, PeekMessageA, PostThreadMessageA, MsgWaitForMultipleObjectsEx, DispatchMessageA, GetMessageA, GetWindowTextLengthA, GetSystemMetrics, GetParent, GetClientRect, BringWindowToTop, SendMessageA, ShowWindow, MoveWindow, DestroyWindow, GetWindowRect, IsWindowVisible, IsIconic, CreateWindowExA
GDI32.dll: CreateICA, DeleteDC, DeleteObject, SelectObject, GetTextExtentPointA, CreateFontA, GetDeviceCaps
ADVAPI32.dll: RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegisterEventSourceA, DeregisterEventSource, ReportEventA, OpenThreadToken, OpenProcessToken, GetTokenInformation, GetLengthSid, CopySid, RegQueryValueExA, RegEnumKeyExA, RegDeleteKeyA, RegEnumValueA, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, SetServiceStatus, ControlService, StartServiceA, DeleteService, QueryServiceStatus, CloseServiceHandle, ChangeServiceConfigA, OpenServiceA, CreateServiceA, OpenSCManagerA, GetUserNameA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegDeleteValueA
SHELL32.dll: SHGetFileInfoA
MSVCR100.dll: _itoa, _stricmp, _strnicmp, _strdup, _unlink, _chmod, _strrev, _ultoa, _access, __iob_func, exit, calloc, _terminate@@YAXXZ, _unlock, __dllonexit, __timezone, _crt_debugger_hook, _controlfp_s, _invoke_watson, __type_info_dtor_internal_method@type_info@@QAEXXZ, _except_handler4_common, __set_app_type, _fmode, _commode, fputc, _time64, islower, strncmp, malloc, _beginthread, strcat, __CxxFrameHandler3, _CxxThrowException, strcpy, memcpy, strcmp, fgetc, strlen, memset, memchr, __0bad_cast@std@@QAE@PBD@Z, __1bad_cast@std@@UAE@XZ, __0bad_cast@std@@QAE@ABV01@@Z, tolower, isspace, _tzset, fopen_s, fprintf_s, _atoi64, rename, strcpy_s, _heapmin, __setusermatherr, _configthreadlocale, _initterm_e, _initterm, _acmdln, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _amsg_exit, _onexit, fopen, fread, fclose, strncpy, __3@YAXPAX@Z, __2@YAPAXI@Z, _time32, ___U@YAPAXI@Z, ___V@YAXPAX@Z, _beginthreadex, memmove, __0exception@std@@QAE@ABV01@@Z, _what@exception@std@@UBEPBDXZ, __1exception@std@@UAE@XZ, __0exception@std@@QAE@ABQBD@Z, sprintf, _gmtime32, _stat32i64, strtol, qsort, strftime, isgraph, isprint, _stat32, fgets, toupper, sscanf, free, _localtime32, atoi, strchr, strrchr, _ctime32, _i64toa, strstr, isupper, isalpha, isdigit, _chdrive, _chdir, _mkdir, _rmdir, atol, fprintf, _mktime32, _vsnprintf, atof, srand, rand, _lock
MSVCP100.dll: __Xlength_error@std@@YAXPBD@Z, __Xout_of_range@std@@YAXPBD@Z, __Orphan_all@_Container_base12@std@@QAEXXZ, __0_Container_base12@std@@QAE@XZ, __1_Container_base12@std@@QAE@XZ, __Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ, __Incref@facet@locale@std@@QAEXXZ, __1_Lockit@std@@QAE@XZ, __0_Lockit@std@@QAE@H@Z, __Init@locale@std@@CAPAV_Locimp@12@XZ, __Decref@facet@locale@std@@QAEPAV123@XZ, __Getcat@_$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, _id@_$ctype@D@std@@2V0locale@2@A, __Bid@locale@std@@QAEIXZ, _tolower@_$ctype@D@std@@QBEDD@Z, __Orphan_all@_Container_base0@std@@QAEXXZ
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 662016
CompanyName: Rhino Software, Inc. +1(262) 560-9627
EntryPoint: 0x9889c
FileDescription: Serv-U FTP Server
FileFlagsMask: 0x0017
FileOS: Win32
FileSize: 804 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 6, 4, 0, 8
FileVersionNumber: 6.4.0.8
ImageVersion: 0.0
InitializedDataSize: 160256
InternalName: ServUDaemon
LanguageCode: English (U.S.)
LegalCopyright: Copyright 1995-2010 - Rhino Software, Inc.
LegalTrademarks: Serv-U is a trademark of Rhino Software, Inc.
LinkerVersion: 10.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Executable application
OriginalFilename: ServUDaemon.exe
PEType: PE32
ProductName: Serv-U FTP Server
ProductVersion: 6, 4, 0, 8
ProductVersionNumber: 6.4.0.8
Subsystem: Windows GUI
SubsystemVersion: 5.1
TimeStamp: 2010:06:09 14:27:11+02:00
UninitializedDataSize: 0
         

Vielen Dank

Tron0070

Hallo und

Ist IMHO ein Fehlalarm, vermutlich wird der Serv-U häufiger als Schädling erkannt, da meiner Erfahrung nach kompromittierte Rechner damit "ausgestattet" wurden, anscheinend haben manche Cracker da eine Vorliebe zu gehabt.

Wozu muss es Serv-U sein? Was spricht gegen den quelloffenen FileZilla FTP-Server?

Habe jetzt FileZilla genommen und funktioniert.

Danke Arne