Trojaner-Board


Tron0070 19.01.2011 14:17

Is the FTP client "Serv-U Fileserver" a virus?

Hello everyone, I wanted to try out the program "Serv-U Fileserver".
I downloaded it from chip.de and serv-u.info, and during installation my virus scanner "Antivir" raises an alarm on the file "ServUDaemon.exe".
In Antivir's "Threat categories" option I unchecked "Applications", whose description says: "The designation Applications refers to an application whose use may involve a risk or which is of questionable origin." After that, no more alerts appeared.

What do you think of the program: is it a virus, or just a false alarm because it is a server?


VirusTotal says the following about it:

Code:

File name:                ServUDaemon.exe
Submission date:        2011-01-19 12:42:53 (UTC)
Current status:                finished
Result:                        11/ 43 (25.6%)

Antivirus        Version        Last Update        Result
AhnLab-V3        2011.01.18.00        2011.01.17        -
AntiVir                7.11.1.178        2011.01.19        APPL/Serv-U.Gen
Antiy-AVL        2.0.3.7                2011.01.18        -
Avast                4.8.1351.0        2011.01.19        -
Avast5                5.0.677.0        2011.01.19        -
AVG                10.0.0.1190        2011.01.19        ServU.BWC
BitDefender        7.2                2011.01.19        -
CAT-QuickHeal        11.00                2011.01.19        -
ClamAV        0.96.4.0                2011.01.19        -
Commtouch        5.2.11.5        2011.01.19        W32/Renamed_ServU.gen!Eldorado
Comodo                        7442        2011.01.19        UnclassifiedMalware
DrWeb                5.0.2.03300        2011.01.19        BACKDOOR.Trojan
Emsisoft        5.1.0.1                2011.01.19        -
eSafe                7.0.17.0        2011.01.18        Win32.APPLServ.U
eTrust-Vet        36.1.8108        2011.01.19        -
F-Prot                4.6.2.117        2011.01.18        W32/Renamed_ServU.gen!Eldorado
F-Secure        9.0.16160.0        2011.01.19        -
Fortinet        4.2.254.0        2011.01.16        -
GData                        21        2011.01.19        -
Ikarus                T3.1.1.97.0        2011.01.19        -
Jiangmin        13.0.900        2011.01.19        -
K7AntiVirus        9.77.3570        2011.01.18        -
Kaspersky        7.0.0.125        2011.01.19        -
McAfee                5.400.0.1158        2011.01.19        -
McAfee-GW-Edition        2010.1C        2011.01.19        -
Microsoft                1.6402        2011.01.19        -
NOD32                        5799        2011.01.19        probably a variant of Win32/ServU-Daemon
Norman                        6.06.12        2011.01.18        -
nProtect        2011-01-18.01        2011.01.18        -
Panda                10.0.2.7        2011.01.18        -
PCTools                        7.0.3.5        2011.01.19        -
Prevx                        3.0        2011.01.19        -
Rising                22.83.02.00        2011.01.19        -
Sophos                        4.61.0        2011.01.19        Serv-U
SUPERAntiSpyware        4.40.0.1006        2011.01.19        -
Symantec        20101.3.0.103        2011.01.19        WS.Reputation.1
TheHacker        6.7.0.1.116        2011.01.18        -
TrendMicro        9.120.0.1004        2011.01.19        -
TrendMicro-HouseCall        9.120.0.1004        2011.01.19        -
VBA32                3.12.14.2        2011.01.18        -
VIPRE                        8123        2011.01.19        Trojan.Win32.Generic!BT
ViRobot                2011.1.19.4263        2011.01.19        -
VirusBuster        13.6.153.0        2011.01.19        -




Code:

Additional information
MD5  : ad20422086988b42f3759d1be61aa132
SHA1  : 23bcb04e529d11674303f7ad2b9b36b5dae88561
SHA256: 86cd36e0debff10122a880e24375b64367c762ef5ef3002f8c1ec98d061f1ac6
ssdeep: 24576:qfarwUB29BYFFhBqbHarMbZJLnJVS1WygG:vc99BYFfyHaobZJLnJU1We
File size : 823296 bytes
First seen: 2010-07-01 03:04:28
Last seen : 2011-01-19 12:42:53
TrID:
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Rhino Software, Inc. +1(262) 560-9627
copyright....: Copyright (c) 1995-2010 - Rhino Software, Inc.
product......: Serv-U FTP Server
description..: Serv-U FTP Server
original name: ServUDaemon.exe
internal name: ServUDaemon
file version.: 6, 4, 0, 8
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x9889C
timedatestamp....: 0x4C0F889F (Wed Jun 09 12:27:11 2010)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xA19DF, 0xA1A00, 6.54, 3d50bbea9a936237b7b1f94ef98f6c6a
.rdata, 0xA3000, 0x142AE, 0x14400, 5.18, baced6794d0f0d9deb73595da47f2723
.data, 0xB8000, 0x869C, 0x4000, 4.97, afc3a815ff7df99cebfb70df3073e796
.rsrc, 0xC1000, 0xEC5C, 0xEE00, 4.54, 9cb5acd6b94d0d50f152d1b2c6d7041b

[[ 12 import(s) ]]
VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
WINMM.dll: timeBeginPeriod, timeGetTime, timeGetDevCaps, timeSetEvent, timeKillEvent, timeEndPeriod
zlib1.dll: inflateInit_, deflateInit_, deflate, inflate, deflateEnd, inflateEnd
RhinoNET.dll: _Tickle@CUPnPNetwork@@QAEXXZ, _ParentDepth@CUPnPObject@@QAEHXZ, __0CUPnPNetwork@@QAE@P6GXPAXIPAVCUPnPObject@@@Z0@Z, __1CUPnPNetwork@@UAE@XZ, _IsPrivateIP@@YAHPBD@Z, _GetPortMaps@CUPnPDevice@@QAE_NPAXAAV_$vector@PAVCUPnPPortMap@@V_$allocator@PAVCUPnPPortMap@@@std@@@std@@@Z, _DeletePortMap@CUPnPDevice@@QAE_NPAXIPBD@Z, _ReleasePortMaps@CUPnPDevice@@SAXAAV_$vector@PAVCUPnPPortMap@@V_$allocator@PAVCUPnPPortMap@@@std@@@std@@@Z, _GetStartEndPorts@CUPnPDevice@@QBEXAAI0@Z, _DeletePortMaps@CUPnPDevice@@QAE_NPAX@Z, _AddPortMap@CUPnPDevice@@QAE_NPAXIPBD1@Z, _AddPortMaps@CUPnPDevice@@QAE_NPAXIIPBD1@Z, _GetUPnPDevice@CUPnPNetwork@@QBEPAVCUPnPDevice@@PBD@Z, _GetNATEnabled@CUPnPDevice@@QAE_NPAXAA_N@Z, _ReleaseUPnPDevice@CUPnPNetwork@@QAEXPAVCUPnPDevice@@@Z, _Rediscover@CUPnPNetwork@@QAEXXZ, _GetPortMappingDescription@CUPnPPortMap@@QBEPBDXZ, _GetInternalClient@CUPnPPortMap@@QBEPBDXZ, _ExternalPort@CUPnPPortMap@@QBEIXZ, _GetUSN@CUPnPDevice@@QBEABV_$CStdStr@D@@XZ, _GetIpAddr@CUPnPDevice@@QBEABV_$CStdStr@D@@XZ, _NumPortMaps@CUPnPDevice@@QBEIXZ, _GetExternalIPAddress@CUPnPDevice@@QAE_NPAX@Z
KERNEL32.dll: QueryPerformanceCounter, GetCurrentThreadId, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW, HeapSetInformation, InterlockedCompareExchange, InterlockedExchange, DecodePointer, IsProcessorFeaturePresent, TerminateProcess, EncodePointer, ReleaseSemaphore, CreateSemaphoreA, FindFirstFileA, FindNextFileA, FindClose, CreateDirectoryA, CreateEventA, InitializeCriticalSection, CloseHandle, EnterCriticalSection, FindFirstChangeNotificationA, PulseEvent, LeaveCriticalSection, Sleep, DeleteCriticalSection, FindCloseChangeNotification, WaitForMultipleObjects, GetModuleFileNameA, HeapFree, GetProcessHeap, GetCurrentThread, GetLastError, GetCurrentProcess, HeapAlloc, GetPrivateProfileStringA, LoadLibraryA, GetProcAddress, FreeLibrary, GetTimeZoneInformation, GetFileAttributesA, WriteFile, ReadFile, CreateFileA, SetFilePointer, SetEndOfFile, SetFileAttributesA, WinExec, MoveFileA, MoveFileExA, SystemTimeToFileTime, GetSystemTimeAsFileTime, CompareFileTime, SetFileTime, GetFileTime, FileTimeToSystemTime, GetCurrentDirectoryA, SetCurrentDirectoryA, GetModuleHandleA, FindResourceA, SizeofResource, GetProfileStringA, WriteProfileStringA, WaitForSingleObject, WritePrivateProfileStringA, GlobalMemoryStatus, OpenProcess, GetCurrentProcessId, HeapCompact, SetProcessWorkingSetSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, CreateMailslotA, GetComputerNameA, GetTickCount, MultiByteToWideChar, WideCharToMultiByte, GetMailslotInfo, GetSystemDirectoryA, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, OpenEventA, SetEvent, GetVersionExA, TerminateThread, SetErrorMode, ResetEvent, SetThreadPriority, GetExitCodeThread, GetDateFormatA, GetTimeFormatA, lstrlenA, GetDiskFreeSpaceA
USER32.dll: LoadStringA, PostMessageA, IsWindow, MessageBeep, PostQuitMessage, LoadImageA, LoadCursorA, GetSysColorBrush, RegisterClassA, DefWindowProcA, UnregisterClassA, CharUpperA, CharLowerA, CharPrevA, CharNextA, TranslateMessage, PeekMessageA, PostThreadMessageA, MsgWaitForMultipleObjectsEx, DispatchMessageA, GetMessageA, GetWindowTextLengthA, GetSystemMetrics, GetParent, GetClientRect, BringWindowToTop, SendMessageA, ShowWindow, MoveWindow, DestroyWindow, GetWindowRect, IsWindowVisible, IsIconic, CreateWindowExA
GDI32.dll: CreateICA, DeleteDC, DeleteObject, SelectObject, GetTextExtentPointA, CreateFontA, GetDeviceCaps
ADVAPI32.dll: RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegisterEventSourceA, DeregisterEventSource, ReportEventA, OpenThreadToken, OpenProcessToken, GetTokenInformation, GetLengthSid, CopySid, RegQueryValueExA, RegEnumKeyExA, RegDeleteKeyA, RegEnumValueA, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, SetServiceStatus, ControlService, StartServiceA, DeleteService, QueryServiceStatus, CloseServiceHandle, ChangeServiceConfigA, OpenServiceA, CreateServiceA, OpenSCManagerA, GetUserNameA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegDeleteValueA
SHELL32.dll: SHGetFileInfoA
MSVCR100.dll: _itoa, _stricmp, _strnicmp, _strdup, _unlink, _chmod, _strrev, _ultoa, _access, __iob_func, exit, calloc, _terminate@@YAXXZ, _unlock, __dllonexit, __timezone, _crt_debugger_hook, _controlfp_s, _invoke_watson, __type_info_dtor_internal_method@type_info@@QAEXXZ, _except_handler4_common, __set_app_type, _fmode, _commode, fputc, _time64, islower, strncmp, malloc, _beginthread, strcat, __CxxFrameHandler3, _CxxThrowException, strcpy, memcpy, strcmp, fgetc, strlen, memset, memchr, __0bad_cast@std@@QAE@PBD@Z, __1bad_cast@std@@UAE@XZ, __0bad_cast@std@@QAE@ABV01@@Z, tolower, isspace, _tzset, fopen_s, fprintf_s, _atoi64, rename, strcpy_s, _heapmin, __setusermatherr, _configthreadlocale, _initterm_e, _initterm, _acmdln, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _amsg_exit, _onexit, fopen, fread, fclose, strncpy, __3@YAXPAX@Z, __2@YAPAXI@Z, _time32, ___U@YAPAXI@Z, ___V@YAXPAX@Z, _beginthreadex, memmove, __0exception@std@@QAE@ABV01@@Z, _what@exception@std@@UBEPBDXZ, __1exception@std@@UAE@XZ, __0exception@std@@QAE@ABQBD@Z, sprintf, _gmtime32, _stat32i64, strtol, qsort, strftime, isgraph, isprint, _stat32, fgets, toupper, sscanf, free, _localtime32, atoi, strchr, strrchr, _ctime32, _i64toa, strstr, isupper, isalpha, isdigit, _chdrive, _chdir, _mkdir, _rmdir, atol, fprintf, _mktime32, _vsnprintf, atof, srand, rand, _lock
MSVCP100.dll: __Xlength_error@std@@YAXPBD@Z, __Xout_of_range@std@@YAXPBD@Z, __Orphan_all@_Container_base12@std@@QAEXXZ, __0_Container_base12@std@@QAE@XZ, __1_Container_base12@std@@QAE@XZ, __Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ, __Incref@facet@locale@std@@QAEXXZ, __1_Lockit@std@@QAE@XZ, __0_Lockit@std@@QAE@H@Z, __Init@locale@std@@CAPAV_Locimp@12@XZ, __Decref@facet@locale@std@@QAEPAV123@XZ, __Getcat@_$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, _id@_$ctype@D@std@@2V0locale@2@A, __Bid@locale@std@@QAEIXZ, _tolower@_$ctype@D@std@@QBEDD@Z, __Orphan_all@_Container_base0@std@@QAEXXZ
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 662016
CompanyName: Rhino Software, Inc. +1(262) 560-9627
EntryPoint: 0x9889c
FileDescription: Serv-U FTP Server
FileFlagsMask: 0x0017
FileOS: Win32
FileSize: 804 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 6, 4, 0, 8
FileVersionNumber: 6.4.0.8
ImageVersion: 0.0
InitializedDataSize: 160256
InternalName: ServUDaemon
LanguageCode: English (U.S.)
LegalCopyright: Copyright 1995-2010 - Rhino Software, Inc.
LegalTrademarks: Serv-U is a trademark of Rhino Software, Inc.
LinkerVersion: 10.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Executable application
OriginalFilename: ServUDaemon.exe
PEType: PE32
ProductName: Serv-U FTP Server
ProductVersion: 6, 4, 0, 8
ProductVersionNumber: 6.4.0.8
Subsystem: Windows GUI
SubsystemVersion: 5.1
TimeStamp: 2010:06:09 14:27:11+02:00
UninitializedDataSize: 0


Many thanks

Tron0070

cosinus 19.01.2011 16:06

Hello and :hallo:

IMHO it's a false alarm. Serv-U is probably detected as malware fairly often because, in my experience, compromised machines were "equipped" with it; apparently some crackers had a fondness for it.

Why does it have to be Serv-U? What speaks against the open-source FileZilla FTP server?
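
Added example (not part of the posts in this thread): a small Python triage of the detection labels pasted in the first post, separating labels that name Serv-U itself from generic or reputation-based ones. The product-name pattern and the two-way split are assumptions made for this illustration; the rows are copied from the scan table above.

```python
import re

# Rows copied from the scan table in the first post: all 11 detections plus
# three clean rows, two kept with columns run together (a common paste artifact).
SCAN_ROWS = """\
AntiVir                7.11.1.178        2011.01.19        APPL/Serv-U.Gen
AVG                10.0.0.1190        2011.01.19        ServU.BWC
Commtouch        5.2.11.5        2011.01.19        W32/Renamed_ServU.gen!Eldorado
Comodo                        7442        2011.01.19        UnclassifiedMalware
DrWeb                5.0.2.03300        2011.01.19        BACKDOOR.Trojan
eSafe                7.0.17.0        2011.01.18        Win32.APPLServ.U
F-Prot                4.6.2.117        2011.01.18        W32/Renamed_ServU.gen!Eldorado
Kaspersky        7.0.0.125        2011.01.19        -
NOD32                        5799        2011.01.19        probably a variant of Win32/ServU-Daemon
Sophos                        4.61.0        2011.01.19        Serv-U
SUPERAntiSpyware4.40.0.1006        2011.01.19        -
Symantec        20101.3.0.103        2011.01.19        WS.Reputation.1
TrendMicro-HouseCall9.120.0.10042011.01.19        -
VIPRE                        8123        2011.01.19        Trojan.Win32.Generic!BT
"""

DATE = re.compile(r"(\d{4}\.\d{2}\.\d{2})\s+(.+)$")    # update date, then result
ENGINE = re.compile(r"^([A-Za-z][\w-]*?)(?=\s|\d+\.\d)")  # name ends at a version
# Assumption: a label containing the product name points at the program itself.
PRODUCT = re.compile(r"serv[-_.]?u", re.IGNORECASE)

def parse_rows(text):
    """Return {engine: label or None} per row, anchoring on the date column."""
    results = {}
    for line in text.splitlines():
        date, engine = DATE.search(line), ENGINE.match(line)
        if not (date and engine):
            continue  # not a result row
        label = date.group(2).strip()
        results[engine.group(1)] = None if label == "-" else label
    return results

def triage(results):
    """Split detections into labels naming Serv-U and generic/reputation labels."""
    named = {e: l for e, l in results.items() if l and PRODUCT.search(l)}
    generic = {e: l for e, l in results.items() if l and e not in named}
    return named, generic

if __name__ == "__main__":
    named, generic = triage(parse_rows(SCAN_ROWS))
    print(f"{len(named)} labels name the product, {len(generic)} are generic:")
    for engine, label in sorted(generic.items()):
        print(f"  {engine}: {label}")
```

On these rows, 7 of the 11 detections name the product itself and 4 are generic or reputation labels.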

Tron0070 20.01.2011 17:11

I've now gone with FileZilla and it works.

Thanks, Arne


All times are WET +1. The time is now 05:14.
