TFTP is Trivial FTP, sometimes known as tiny FTP. It is a standard OS install file for NT-based systems and does not mean you have a virus; it's just a really convenient program for viruses and hackers to abuse. As some have suggested, you can rename it, although I would suggest you check to see if Windows File Protection restores the file when you're not looking (file protection can be removed via the registry; if anyone wants the keys, just ask). My personal strategy is to secure all my system binaries by removing all execute access rights from them except an explicit execute right to an admin account. 8 times out of 10 an exploit will be running under SYSTEM rights, so removing any execute rights by SYSTEM to files such as tftp.exe, cmd.exe, command.com and many, many others (I can also provide a list of dangerous binaries to anyone interested) is a good practice. Although disabling the WFP and removing the files is not necessary, in the case of machines which are more likely to be attacked (aka webservers) this can sometimes be the extra step to keep you from getting owned; however, if a virus starts overwriting your system files, don't come crying to me.
-Maestr0
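
Added example, not part of the original post: a read-only PowerShell audit that reports whether SYSTEM can execute the three binaries the post names, so the effect of the ACL change described above can be checked. It assumes the files sit in `%SystemRoot%\System32` and approximates the SYSTEM token as SYSTEM plus Administrators, Everyone and Authenticated Users; ACEs that use generic rights are not decoded.

```powershell
# Added example: read-only audit, changes no ACLs.
# The file list is just the three binaries named in the post.
$binaries = 'tftp.exe', 'cmd.exe', 'command.com'

# Assumption: SIDs approximating what a LocalSystem token carries.
$systemSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-1-0',       # Everyone
    'S-1-5-11'       # NT AUTHORITY\Authenticated Users
)
$execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($name in $binaries) {
    $path = Join-Path $env:SystemRoot "System32\$name"
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $path; SystemExecute = 'file not present'; Via = '' }
        continue
    }

    # Explicit and inherited ACEs, with identities returned as SIDs.
    $aces = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.IdentityReference.Value -in $systemSids -and
            ($_.FileSystemRights -band $execute) -eq $execute
        }

    $deny  = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })
    $allow = @($aces | Where-Object { $_.AccessControlType -eq 'Allow' })

    # A matching Deny ACE wins over any Allow ACE in a canonically ordered ACL.
    $verdict = if ($deny.Count) { 'denied' } elseif ($allow.Count) { 'ALLOWED' } else { 'no matching ACE' }

    [pscustomobject]@{
        File          = $path
        SystemExecute = $verdict
        # SIDs of the ACEs that produced the verdict.
        Via           = (@($deny + $allow) | ForEach-Object { $_.IdentityReference.Value } |
                            Select-Object -Unique) -join ', '
    }
}
```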