Thread: TFTP
View Single Post
  #2  
Old 01-05-2006, 04:19 AM
David H. Lipman
 
Posts: n/a
Default Re: TFTP
From: "Teri" <Teri@discussions.microsoft.com>

| First I will tell you I run XP Home Edition on my pc.
|
| I use the built in firewall in XP Home and I have the Microsoft Antispyware
| and all available updates (critical). I have SP1 and I really do not want
| SP2. I use the Prevx Home Anti-Virus software and I do regular scans on my
| pc. I am an internet surfer and so I had to learn to "clean up". I use CW
| Shredder, Hijack This and I have my computer configured so that nothing
| starts up in msconfig. I use Stinger and Panda on line scan and Adaware and
| Spybot S&D.
|
| Even with all of that I recently was attacked by a couple of virus's
| W32/Sdbot.ftp.worm and W32/Sdbot.DOF.worm. The first one was in the file
| C:\Windows\System32\phhh.dll and Stinger found it. The 2nd one was in the
| System32\TFTP1756 and Panda found it . My question is there is still a file
| there called TFTP1544. I have learned that TFTP stands for Trivial File
| Transfer Protocol and is used with the TCP/IP Protocol. There is still a
| couple of files in my system 32 folder that I am curious about. One is a
| TFTP1544 and the other is a TFTP.exe, are they supposed to be there?


There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

PREVX is not anti virus software. It is a supplemental program but insufficient to protect
your PC like an anti virus application. You need a full time anti virus application capable
of "On Access" and "On Demand" scanning capabilities. MS Anti Spyware, Ad-aware SE and
SpyBot S&D are for non-viral malware and won't help (with a few exceptions) with viral
malware.

Stinger is an "On Demand" AV scanner that only targets ~54 infectors, mostl;y Internet
worms. The SDBot happens to be one of them. However, there are NEW SDBots variants that
may not be caught by Stinger since it hasn't been updated in a month and when it was last
updated it wasn't updated for new variants for the SDBot and there are new variants now
being seen.

TFTP.EXE is a file native to the OS.
C:\Windows\System32\TFTPxxxx (where xxxx can be some number) is not a part of the OS and is
indicative of an infection and should be removed.


Here are some suggested FREE AV solutions...

AVAST -
http://www.avast.com/i_idt_1016.html - FREE

AntiVir -
http://www.free-av.com/ - FREE

AVG -
http://free.grisoft.com/freeweb.php/doc/2/lng/us/tpl/v5 - FREE

The *best* AV solutions however will cost money and they are Kaspersky and NOD32 in that
order.

The following can be used to replace Stinger. As mentioned before, Stinger has a limited
target list and is rarely updated. The below uses the command line scanners from; Sophos,
McAfee, Kaspersky and Trend Micro and each are reguarly updated. The McAfee commnad line
scanner alone will recognize approx. 155,000 infectors, both viral and non-viral. It is
suggested that you run the below utility.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Reply With Quote