PCTechTalk http://www.pctechtalk.com/forums/

Old 09-07-2003, 03:50 PM   #16 (permalink)
dalert0140
I was rereading your first post but couldn't find what antivirus you are running. I used to use AVG but then switched to AntiVir. It's pretty good: the program is updated regularly and so are the definitions. When the Blaster worm was going around, they updated the definitions the very same day, which is what saved my butt.
Get it here: http://fileforum.betanews.com/detail...fid=1032566653

Reboot in safe mode and do a scan.

Hope this helps at least some.
__________________
"Many a man is praised for his reserve and so-called shyness when he is simply too proud to risk making a fool of himself."
-J. B. Priestley
Old 09-07-2003, 10:21 PM   #17 (permalink)
Asterix
Well, Lady...

Let me tell you how our campus firewall works: it just rejects all the incoming and outgoing connections on all ports except 80. That's it, simple and easy.

So I think it is pretty good for security but really bad because we can't even access FTP.

Now I don't know much about ZA because this is the first time I'm trying out a firewall, but I'm running it in stealth mode, whereby it blocks off even the pings, so I hope I would stay secure till I figure this thing out.

And thanks for the suggestion, dalert, I'll give it a try.
__________________
We all are practical in our interests but, idealist when it concerns others....
Old 09-08-2003, 12:17 AM   #18 (permalink)
Asterix
OK... finally the program spawned. I couldn't find what is actually triggering it, but it triggered a program called tftp.exe in the \Windows\System32 folder.

Now temporarily I have moved the program to another location.

My search on the net says TFTP is a protocol that allows access to unrestricted TFTP servers.

So what do you guys think?
Old 09-08-2003, 09:37 AM   #19 (permalink)
~*LdY*LaFFs*~
I think you should take out all traces of it from your system completely (including registry). You didn't install this...so ya gotta ask yourself, "How'd it get on board?"
__________________
When I've been asked why I like computers.. My answer has been, "Because it's potential is infinite." I must be wearing down 'cause now I seem to be counting the infinite headaches!
Old 09-08-2003, 10:05 AM   #20 (permalink)
Asterix
Well, I searched around and have actually found that this too is another Windows system file, and it too is replaced by Windows when it is moved or deleted.

And the only reference I found for this program in the registry was in relation to the search assistant, where it remembers the recent search terms.

So back to the start.
Old 09-08-2003, 11:11 AM   #21 (permalink)
~*LdY*LaFFs*~
Ok, sorry. What you want is to identify what is utilizing tftp to take over your computer. Have you looked in your Task Manager to see what's running (programs/processes) when this is going on? Is this happening only when you're online? Have you watched/checked port activity for when this occurs?

By the way, run security checks: https://grc.com/x/ne.dll?bh0bkyd2
Old 09-08-2003, 12:55 PM   #22 (permalink)
Asterix
The thing is, I'm on a campus LAN, so as soon as I turn on my system I'm online.

Now the program that is running tftp is cmd.exe, which starts up as a system process. As for ports, right now everything is blocked off by my firewall; I have even set it so that it won't reply to pings.

Now the problem is I can't see what exactly is triggering cmd.exe. I have looked in my Task Manager and have found nothing that is suspicious; all are genuine system processes. I have made sure that they are system processes in the following way:

I see the program name, then I go to the Windows installation directory and try to delete the app by that name. If I get access denied, then I'm assuming that it is the same as the process that is running, because I am able to move them if I kill that particular process (not all, as for some Windows doesn't allow me, saying they are critical).

I will be looking for a solution and will post if I'm able to solve it.
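As an added example (not part of the original thread): the symptom described in posts #18 and #22, cmd.exe running as a system process and launching tftp.exe, can be picked out of process-creation records by following parent PIDs, which also names what started cmd.exe. The record layout, PIDs, account names and sample rows below are constructed assumptions.

```python
import csv
import io
import ntpath

# Constructed process-creation records (not from the thread); the column
# layout is an assumption, not the export format of any particular tool.
SAMPLE_LOG = """time,pid,ppid,user,image
09:00:01,600,4,NT AUTHORITY\\SYSTEM,C:\\WINDOWS\\System32\\services.exe
09:00:02,812,600,NT AUTHORITY\\SYSTEM,C:\\WINDOWS\\System32\\svchost.exe
09:14:30,1504,812,NT AUTHORITY\\SYSTEM,C:\\WINDOWS\\System32\\cmd.exe
09:14:31,1520,1504,NT AUTHORITY\\SYSTEM,C:\\WINDOWS\\System32\\tftp.exe
10:02:10,2040,1900,LAB\\student,C:\\WINDOWS\\System32\\cmd.exe
10:02:15,2052,2040,LAB\\student,C:\\WINDOWS\\System32\\tftp.exe
"""

def load(text):
    """Index records by PID (assumes no PID reuse within the capture)."""
    return {row["pid"]: row for row in csv.DictReader(io.StringIO(text))}

def name(row):
    """Lower-cased executable name taken from a Windows-style path."""
    return ntpath.basename(row["image"]).lower()

def ancestry(procs, pid):
    """Image names from the given process up to the oldest known parent."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:  # 'seen' guards against loops
        seen.add(pid)
        chain.append(name(procs[pid]))
        pid = procs[pid]["ppid"]
    return chain

def find_suspicious(text):
    """Flag tftp.exe started by a cmd.exe that runs under the SYSTEM account."""
    procs = load(text)
    hits = []
    for row in procs.values():
        parent = procs.get(row["ppid"])
        if (name(row) == "tftp.exe" and parent is not None
                and name(parent) == "cmd.exe"
                and parent["user"].upper().endswith("\\SYSTEM")):
            hits.append({"time": row["time"], "pid": row["pid"],
                         "chain": ancestry(procs, row["pid"])})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit["time"], hit["pid"], " <- ".join(hit["chain"]))
```

The interactive cmd.exe session of the constructed LAB\student account is not flagged, because only a SYSTEM-owned command shell matches the behaviour described in the thread.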
Old 09-08-2003, 01:28 PM   #23 (permalink)
Asterix
Well, moreover, I took that test.

It failed two things. One, it showed I had an HTTP server, which yes, I have one: Apache is installed.

And that all my ports are only closed, not in stealth. I mean all my ports respond that they exist but they are closed. I think this is due to my college firewall, which replies to the server, because I added their IP to the trusted zone allowing connections but still all ports showed up closed.

But the thing is, it won't matter much because I think the culprit is on my LAN :@
Old 09-08-2003, 05:03 PM   #24 (permalink)
~*LdY*LaFFs*~
To enable/disable Internet Connection :

Go to Control Panel > Internet Connections > LAN (toss up a desktop shortcut for convenience)
Old 09-09-2003, 02:49 AM   #25 (permalink)
Asterix
Ahh, I don't want to shut myself off the LAN, because we use it a lot to contact each other (Messenger, it is very useful).

I hope I'll be able to solve it by this weekend; if not, I'll be going for a clean format of the HDD.
Old 09-09-2003, 11:23 AM   #26 (permalink)
~*LdY*LaFFs*~
There are times that you want to disconnect the internet, like when you do your F-disk. And I was curious if these events were exclusive to when you were online.
Old 05-05-2004, 08:59 AM   #27 (permalink)
~*LdY*LaFFs*~
FYI Update:
Quote:
Asterix wrote:
I was infected by the Welchia worm, which tries to download the patch for the Blaster worm and install it. You need to patch for the Blaster worm and this problem will go away, and there is a free Welchia cleanup tool from Symantec you can grab too.