ftp.exe (5.1.2600.1106)

Contained in software
Name:	Windows XP Home Edition, Deutsch
License:	commercial
Information link:	http://www.microsoft.com/windowsxp/
File details
Filepath:	C:\WINDOWS\system32 \ ftp.exe
Filedate:	2002-08-29 14:00:00
Version:	5.1.2600.1106
Filesize:	43.008 bytes
Checksum and file hashes
CRC32:	4ECE4C3B
MD5:	156F C129 63B7 7DF5 2845 0B02 4434 6F76
SHA1:	6DDD 8053 5CE9 036D 6AE6 EEE9 EDF9 DBF3 B65C DA59
Version resource information
CompanyName:	Microsoft Corporation
FileDescription:	Programm zur Dateiübertragung
FileOS:	Windows NT, Windows 2000, Windows XP, Windows 2003
FileType:	Application
FileVersion:	5.1.2600.1106
InternalName:	ftp.exe
LegalCopyright:	© Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename:	ftp.exe
ProductName:	Betriebssystem Microsoft® Windows®
ProductVersion:	5.1.2600.1106

ftp.exe was found in the following malware reports:


Backdoor.FTP.AFtp
Technical details ...However, its file name, A-FTP.exe, is displayed in the Close Program dialog box (Windows 95/98/Me) or the Task Manager... ...You can remove Backdoor.FTP.AFtp from memory by selecting A-FTP.exe in the Close Program dialog box or the Task Manager and then clicking End Task.... Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ftp.aftp.html
PWSteal.Irftp
Privacy Policy About PWSteal.Irftp Discovered on:... ...March 15, 2004 11:41:00 AM PWSteal.Irftp is a Trojan horse that mimics the online interfaces of Brazilian banks to try to... ...When it is executed, the archive installs the Trojan, which is usually named Ir_Ftp.exe. Type: Trojan Horse... Technical details ... When PWSteal.Irftp runs, it does the following:... ...Copies itself as %System%Ir_Ftp.exe. Note: %System% is a variable.... ...Adds the value: "ir_ftp"="%System%ir_ftp.exe"... Recommendations ...many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server.... ...that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services. Enforce a password policy.... Removal instructions ...Run a full system scan and delete all the files detected as PWSteal.Irftp. Reverse the changes made to... ...Scroll through the list and look for Ir_Ftp.exe. If you find the file, click... ...If any files are detected as infected with PWSteal.Irftp, click Delete. 5. Reversing the changes made... ...right pane, delete the value: "ir_ftp"="%System%ir_ftp.exe"... ...email, which purports to be from Symantec but actually contains a link to PWSteal.Irftp: From (spoofed): "symantec"... Source: http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.irftp.html
W97M.Marker.JG
About W97M.Marker.JG ...file containing a small amount of information about the infected computer to an FTP server. Type: Macro... Threat assessment ...Payload: ftp access Modifies files:... Technical details ...It attempts to upload this log file to an FTP server at a particular IP address, using a shell instruction and the application... Recommendations ...many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server.... ...that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services. Enforce a password policy.... Source: http://securityresponse.symantec.com/avcenter/venc/data/w97m.marker.jg.html
W97M.Marker.damaged
About W97M.Marker.damaged ...the text file C:Netldx.vxd with the commands to upload the log file to a remote FTP server. 4. Finally, it runs the Windows... ...This operation will fail because the IP address of the FTP server cannot be contacted.... Source: http://securityresponse.symantec.com/avcenter/venc/data/w97m.marker.damaged.html
W97M.Marker.KC.gen
Technical details ...the text file C:Netldx.vxd with the commands to upload the log file to a remote FTP server. Finally, it runs the Windows... ...This operation fails because the IP address of the FTP server cannot be contacted.... Source: http://securityresponse.symantec.com/avcenter/venc/data/w97m.marker.kc.gen.html
W32.Netsky.V@mm
Technical details ...listens on TCP port 5557. Installs an FTP server that listens on TCP port 5556.... ...The viral index.html file launches ftp.exe, which is the default FTP client in Windows.... Recommendations ...many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server.... ...that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services. Enforce a password policy.... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.v@mm.html
Backdoor.IRC.Aladinz.H
Technical details ...Fast.txt (a harmless text file) Ftp.exe (a legitimate Microsoft FTP client)... Recommendations ...many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server.... ...that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services. Enforce a password policy.... Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.h.html
W32.Tkbot.Worm
Technical details ...Deletes the files: C:WinntSystem32Ftp.exe C:WinntSystem32Tftp.exe... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.tkbot.worm.html
W32.HLLW.Mantas
Technical details ...command.com ftp.exe runhidden.exe... ...... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.mantas.html

Navigation

Browse files

• by name

ftp.exe (5.1.2600.1106)

Contained in software

File details

Checksum and file hashes

Version resource information

ftp.exe was found in the following malware reports:

Backdoor.FTP.AFtp

PWSteal.Irftp

W97M.Marker.JG

W97M.Marker.damaged

W97M.Marker.KC.gen

W32.Netsky.V@mm

Backdoor.IRC.Aladinz.H

W32.Tkbot.Worm

W32.HLLW.Mantas

Navigation