First, I have to ask if this is perhaps a new vulnerability in pure-ftpd? I don't think it is, because I'm not seeing enough exploits to really point to this being a widespread problem.
I suspect that this has to do with the thread at:
but that thread is a few years old. I haven't read through all of the thread, but from what I gather on this thread is that the problem is related to keyloggers and trojans being installed on the client's personal computer. I figure that this is the case with what I am experiencing. Is the Mpack exploit still being used as it is referenced in that thread? Is the Mpack exploit still undetectable? Is it another exploit, maybe something newer than Mpack?
I suppose my main question regarding this, if a client's personal computer is infected with something, what type of scanner do they need to run on their computer to show the infection? Will AVG or Avast report this exploit? I am looking for some way to show and prove to the user that their personal computer is infected.