Tftp
Results 1 to 8 of 8

Thread: Tftp

  1. #1
    Junior Member
    Join Date
    Aug 2003
    Posts
    8

    Tftp

    man, i wish i came to this site sooner.
    I do have in windows/sys 32 an app file falled tftp, but no where in site a msblast.exe or any other file that was mentiones as aka's for the virus/worm Does the sys32 usually have a tftp file in it????
    I ran the fix program to remove the virus, but didnt detect it, and did the windows update like instructed.

    but what concernes me also is that I CANT go into regedit, I'm reading how to remove crap from regedit, and every time i open that window, it closes. What is going on someone, no one has brought that up yet, with all the virus discussion. I'm on XP by the way.
    thanks

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    207
    as for TFTP, if you didn't put it there, then it's a pretty good sign somebody else did, or the worm did. Have you tried booting in safe-mode, then trying to run reg-edit?

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    windows now comes with a tftp client...its supposed to be there. the worm just uses it to download more things onto your computer.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    472
    pls change the location of tftp client (tftp.exe) to some place which is out of ur system emvironment PATH.....and remeber the location you placed tftp.exe so that in case you nedd to use it you can ....i hope u are not using remote booring. becoz if you are to boot remotely the tftp.exe has to placed in the proper place again....but for the time being i think it is a good measure to take under given circumstances
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    im using 2k so i just renamed it to .ex_ in both system32 and i386.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Junior Member
    Join Date
    Feb 2003
    Posts
    19
    sounds like u might have a virus

    http://us.mcafee.com/virusInfo/default.asp?id=lovsan

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Well Lovesan is MSBlaster.. Try this one.. It attacks Tftp

    First McAfee : http://us.mcafee.com/virusInfo/defau...virus_k=100549
    Then Symantec: http://securityresponse.symantec.com....randex.e.html

    that right W32/Spybot.worm.lz & W32.Randex.E Same Virus.. Both using the same DCOM RPC Vuln..

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  8. #8
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    TFTP is trivial ftp or sometimes known as tiny ftp. It is a standard OS install file for NT based systems and does not mean you have a virus, its just a really convienent program for viruses and hackers to abuse. As some have suggested you can rename it although I would suggest you check to see if Windows File Protection restores the file when you're not looking (File protection can be removed via the registry if anyone wants the keys just ask), My personal strategy is to secure all my system binaries by removing all execute access rights from them except an explicit execute right to an admin account. 8 times out of 10 an exploit will be running under SYSTEM rights so removing any execute rights by SYSTEM to files such as tftp.exe cmd.exe command.com and many,many others (I can also provide a list of dangerous binaries to anyone interested.) is a good practice. Although disabling the WFP and removing the files is not neccessary, in the case of machines which are more likley to be attacked(aka Webserver) this can sometimes be the extra step to keep you from getting owned, however if a virus starts overwriting your system files dont come crying to me.


    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •