TFTP is Trying to Access Internet

Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

Hi All,

I have Windows XP + SP1 with ZoneAlarm Latest Installed.

Sometime Zonealarm alert me about TFTP is trying to access Internet. When I
verified the Property of TFTP.exe I found that is Belongs to Microsoft and
found info from internet that that is a limited version of Microsoft FTP
client.

Why is that executable trying to access internet? Is that Indicated that
some Spyware exists in my PC? I have Scanned my PC using MS Antispyware BETA
but no spy found. (I have AVG Antivirus Installed)

Please Suggest.

Thanks
Prabhat
14 answers Last reply
More about tftp access internet
  1. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    Hi

    That file is related to TCP/IP. Have you had any problems with any web
    sites if you deny Internet access?

    --

    Will Denny
    MS-MVP Windows Shell/User
    Please reply to the News Groups


    "Prabhat" <not_a_mail@hotmail.com> wrote in message
    news:OBrE9VVgFHA.2700@TK2MSFTNGP15.phx.gbl...
    > Hi All,
    >
    > I have Windows XP + SP1 with ZoneAlarm Latest Installed.
    >
    > Sometime Zonealarm alert me about TFTP is trying to access Internet. When
    > I
    > verified the Property of TFTP.exe I found that is Belongs to Microsoft and
    > found info from internet that that is a limited version of Microsoft FTP
    > client.
    >
    > Why is that executable trying to access internet? Is that Indicated that
    > some Spyware exists in my PC? I have Scanned my PC using MS Antispyware
    > BETA
    > but no spy found. (I have AVG Antivirus Installed)
    >
    > Please Suggest.
    >
    > Thanks
    > Prabhat
    >
    >
  2. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    From: "Prabhat" <not_a_mail@hotmail.com>

    | Hi All,
    |
    | I have Windows XP + SP1 with ZoneAlarm Latest Installed.
    |
    | Sometime Zonealarm alert me about TFTP is trying to access Internet. When I
    | verified the Property of TFTP.exe I found that is Belongs to Microsoft and
    | found info from internet that that is a limited version of Microsoft FTP
    | client.
    |
    | Why is that executable trying to access internet? Is that Indicated that
    | some Spyware exists in my PC? I have Scanned my PC using MS Antispyware BETA
    | but no spy found. (I have AVG Antivirus Installed)
    |
    | Please Suggest.
    |
    | Thanks
    | Prabhat
    |

    Dump the contents of the IE Temporary Internet Folder cache (TIF)
    Start --> Settings --> Control Panel --> Internet Options --> Delete Files

    Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    Tools --> Options --> Privacy --> Cache --> Clear

    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using up to 3 different Anti Virus Command Line Scanners to remove
    viruses and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
    through your FireWall to allow them to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  3. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    Will wrote on Tue, 5 Jul 2005 13:34:38 +0100:

    > Hi
    >
    > That file is related to TCP/IP. Have you had any problems with any web
    > sites if you deny Internet access?
    >
    > --
    >
    > Will Denny
    > MS-MVP Windows Shell/User
    > Please reply to the News Groups


    That file is the Trivial File Transfer Protocol program that comes with
    Windows. It's only relation to TCP/IP is that it uses TCP/IP to connect to
    TFTP servers.

    Most likely there's malware on the machine trying to use it to download
    files from a TFTP server. The only time I've ever seen it in use was on a
    test web server I had running that suffered from a buffer overflow hack on
    it's web server software (which incidentally wasn't IIS) and the TFTP
    program was launched by the attack to download an executable which would
    have opened a "backdoor" into the server (which would have been prevented by
    the hardware firewall in place anyway), and after sending to NAI and
    Kapersky it was determined that the TFTP connection had been interrupted so
    the executable was incomplete, but enough of it was present for them to be
    able to make an analysis and put out signatures. Never had this return
    either as the web server software was fixed soon afterwards.

    Dan

    > "Prabhat" <not_a_mail@hotmail.com> wrote in message news:OBrE9VVgFHA.2700@TK2MSFTNGP15.phx.gbl...
    >> Hi All,
    >>
    >> I have Windows XP + SP1 with ZoneAlarm Latest Installed.
    >>
    >> Sometime Zonealarm alert me about TFTP is trying to access Internet. When
    >> I verified the Property of TFTP.exe I found that is Belongs to Microsoft
    >> and found info from internet that that is a limited version of Microsoft
    >> FTP client.
    >>
    >> Why is that executable trying to access internet? Is that Indicated that
    >> some Spyware exists in my PC? I have Scanned my PC using MS Antispyware
    >> BETA
    >> but no spy found. (I have AVG Antivirus Installed)
    >>
    >> Please Suggest.
    >>
    >> Thanks
    >> Prabhat
    >>
  4. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    > That file is related to TCP/IP. Have you had any problems with any web
    > sites if you deny Internet access?

    Hi, Every time it ask permission to connect to internet I deny. But I never
    had any problem and later I set the rule in Zonealarm to deny every time.
    But I just wanted to know If I have not requested then how it will connect
    to any FTP server?
  5. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    Hi David,

    Thanks for the Info. I will use the script and verify the System. But I have
    scan my system once using NAV 2005 But no result while recently I used AVG
    (as currently I am using) and able to find one virus from my PC.

    Thanks
    Prabhat

    > Dump the contents of the IE Temporary Internet Folder cache (TIF)
    > Start --> Settings --> Control Panel --> Internet Options --> Delete Files
    >
    > Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    > Tools --> Options --> Privacy --> Cache --> Clear
    >
    > Download MULTI_AV.EXE from the URL --
    > http://www.ik-cs.com/programs/virtools/Multi_AV.exe
    >
    > It is a self-extracting ZIP file that contains the Kixtart Script
    Interpreter {
    > http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart
    scripts, one Link
    > (.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and
    WGET.EXE. It will
    > simplify the process of using up to 3 different Anti Virus Command Line
    Scanners to remove
    > viruses and various other malware.
    >
    > C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    > This will bring up the initial menu of choices and should be executed in
    Normal Mode. This
    > way all the components can be downloaded from each AV vendor's web site.
    > The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
    >
    > You can choose to go to each menu item and just download the needed files
    or you can
    > download the files and perform a scan in Normal Mode. Once you have
    downloaded the files
    > needed for each scanner you want to use, you should reboot the PC into
    Safe Mode [F8 key
    > during boot] and re-run the menu again and choose which scanner you want
    to run in Safe
    > Mode. It is suggested to run the scanners in both Safe Mode and Normal
    Mode.
    >
    > When the menu is displayed hitting 'H' or 'h' will bring up a more
    comprehensive PDF help
    > file.
    >
    > To use this utility, perform the following...
    > Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    > Choose; Unzip
    > Choose; Close
    >
    > Execute; C:\AV-CLS\StartMenu.BAT
    > { or Double-click on 'Start Menu' in C:\AV-CLS }
    >
    > NOTE: You may have to disable your software FireWall or allow WGET.EXE
    and/or FTP.EXE to go
    > through your FireWall to allow them to download the needed AV vendor
    related files.
    >
    > * * * Please report back your results * * *
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
  6. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    From: "Prabhat" <not_a_mail@hotmail.com>

    | Hi David,
    |
    | Thanks for the Info. I will use the script and verify the System. But I have
    | scan my system once using NAV 2005 But no result while recently I used AVG
    | (as currently I am using) and able to find one virus from my PC.
    |
    | Thanks
    | Prabhat


    There is no OS reason to use TFTP unless you are specifically doing it fot a resson succh as
    using it in a BootP/TFTP process such as configuring network devices such as a Ethernet
    switch, Router or print server. Therefore malware is presumed and is highly likely.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  7. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    tftp can be a security risk. If it is attempting to access the Internet
    then yes I'd say you have a problem. You cannot remove that file for if you
    do you will have System File errors. The file is necessary. If you want to
    stop it from accessing the Internet remove all NTFS permissions from it and
    I mean all. When you apply updates to Wuindows XP you may have to reenable
    those permissions first by checking Allow permissions to propagate to it.
    Then remove them when you are done. Don't worry if you forget Windows will
    give you the option to fix the problem and you know what the problem is.

    --
    George Hester
    _______________________________
    "Prabhat" <not_a_mail@hotmail.com> wrote in message
    news:OBrE9VVgFHA.2700@TK2MSFTNGP15.phx.gbl...
    > Hi All,
    >
    > I have Windows XP + SP1 with ZoneAlarm Latest Installed.
    >
    > Sometime Zonealarm alert me about TFTP is trying to access Internet. When
    I
    > verified the Property of TFTP.exe I found that is Belongs to Microsoft and
    > found info from internet that that is a limited version of Microsoft FTP
    > client.
    >
    > Why is that executable trying to access internet? Is that Indicated that
    > some Spyware exists in my PC? I have Scanned my PC using MS Antispyware
    BETA
    > but no spy found. (I have AVG Antivirus Installed)
    >
    > Please Suggest.
    >
    > Thanks
    > Prabhat
    >
    >
  8. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    The Windows firmware update program "tftp.exe", supplied by Linksys and UMAX
    as part of their firmware update .exe files. More info on Security listed
    here:
    http://www.practicallynetworked.com/support/tftp_problem.htm

    --

    All the Best,
    Kelly (MS-MVP)

    Troubleshooting Windows XP
    http://www.kellys-korner-xp.com


    "George Hester" <hesterloli@hotmail.com> wrote in message
    news:eUBvsE2gFHA.2840@tk2msftngp13.phx.gbl...
    > tftp can be a security risk. If it is attempting to access the Internet
    > then yes I'd say you have a problem. You cannot remove that file for if
    > you
    > do you will have System File errors. The file is necessary. If you want
    > to
    > stop it from accessing the Internet remove all NTFS permissions from it
    > and
    > I mean all. When you apply updates to Wuindows XP you may have to
    > reenable
    > those permissions first by checking Allow permissions to propagate to it.
    > Then remove them when you are done. Don't worry if you forget Windows
    > will
    > give you the option to fix the problem and you know what the problem is.
    >
    > --
    > George Hester
    > _______________________________
    > "Prabhat" <not_a_mail@hotmail.com> wrote in message
    > news:OBrE9VVgFHA.2700@TK2MSFTNGP15.phx.gbl...
    >> Hi All,
    >>
    >> I have Windows XP + SP1 with ZoneAlarm Latest Installed.
    >>
    >> Sometime Zonealarm alert me about TFTP is trying to access Internet. When
    > I
    >> verified the Property of TFTP.exe I found that is Belongs to Microsoft
    >> and
    >> found info from internet that that is a limited version of Microsoft FTP
    >> client.
    >>
    >> Why is that executable trying to access internet? Is that Indicated that
    >> some Spyware exists in my PC? I have Scanned my PC using MS Antispyware
    > BETA
    >> but no spy found. (I have AVG Antivirus Installed)
    >>
    >> Please Suggest.
    >>
    >> Thanks
    >> Prabhat
    >>
    >>
    >
  9. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    From: "Kelly" <kelly@mvps.org>

    | The Windows firmware update program "tftp.exe", supplied by Linksys and UMAX
    | as part of their firmware update .exe files. More info on Security listed
    | here:
    | http://www.practicallynetworked.com/support/tftp_problem.htm
    |
    | --
    |
    | All the Best,
    | Kelly (MS-MVP)
    | | Troubleshooting Windows XP

    In reference to that URL, storing the Routers password as ClearText in the TFTP client is
    hardly a problem if the following are set...

    "Block WAN request" -- Enabled
    "Remote Management" -- Disabled
    "Remote Upgrade" -- Disabled.

    However I truly doubt that the OPs problems has anything to do with the TFTP client that
    comes with a Router's FirmWare and it is the TFTP client that is used in the OS that is
    being used as indicated in the OPs problem.

    And I disagree with George's assessment - "You cannot remove that file for if you do you
    will have System File errors. The file is necessary". I know of no known reason that
    TFTP.EXE would be used in the Windows OS in a kernel functionality. It is a mere client
    utility like FTP.EXE and is used by the Windows PC user as needed.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  10. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    Dave all I ask you to do is try it. Remove the file if you want. Install a
    Service Pack. It will reappear. Better yet leave it alone. Remove the
    permissions from it it's almost the same thing but isn't.

    --
    George Hester
    _______________________________
    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:O1KUBS7gFHA.2916@TK2MSFTNGP14.phx.gbl...
    > From: "Kelly" <kelly@mvps.org>
    >
    > | The Windows firmware update program "tftp.exe", supplied by Linksys and
    UMAX
    > | as part of their firmware update .exe files. More info on Security
    listed
    > | here:
    > | http://www.practicallynetworked.com/support/tftp_problem.htm
    > |
    > | --
    > |
    > | All the Best,
    > | Kelly (MS-MVP)
    > | | Troubleshooting Windows XP
    >
    > In reference to that URL, storing the Routers password as ClearText in the
    TFTP client is
    > hardly a problem if the following are set...
    >
    > "Block WAN request" -- Enabled
    > "Remote Management" -- Disabled
    > "Remote Upgrade" -- Disabled.
    >
    > However I truly doubt that the OPs problems has anything to do with the
    TFTP client that
    > comes with a Router's FirmWare and it is the TFTP client that is used in
    the OS that is
    > being used as indicated in the OPs problem.
    >
    > And I disagree with George's assessment - "You cannot remove that file for
    if you do you
    > will have System File errors. The file is necessary". I know of no known
    reason that
    > TFTP.EXE would be used in the Windows OS in a kernel functionality. It is
    a mere client
    > utility like FTP.EXE and is used by the Windows PC user as needed.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
  11. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    From: "George Hester" <hesterloli@hotmail.com>

    | Dave all I ask you to do is try it. Remove the file if you want. Install a
    | Service Pack. It will reappear. Better yet leave it alone. Remove the
    | permissions from it it's almost the same thing but isn't.
    |
    | --
    | George Hester

    Well if I delete or rename it, it gets restored. Even w/o installing a SP.
    BTW: I am on Win2K and this happens.

    I renamed the native TFTP.EXE and dropped a Linksys Read-Only TFTP.EXE file and it was still
    auto-replaced.

    So if you assert "it is neccessary", then what is it used for ?

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  12. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    Hi David Thanks for the suggestion and settings.
    Prabhat


    > In reference to that URL, storing the Routers password as ClearText in the
    TFTP client is
    > hardly a problem if the following are set...
    >
    > "Block WAN request" -- Enabled
    > "Remote Management" -- Disabled
    > "Remote Upgrade" -- Disabled.
    >
    > However I truly doubt that the OPs problems has anything to do with the
    TFTP client that
    > comes with a Router's FirmWare and it is the TFTP client that is used in
    the OS that is
    > being used as indicated in the OPs problem.
    >
    > And I disagree with George's assessment - "You cannot remove that file for
    if you do you
    > will have System File errors. The file is necessary". I know of no known
    reason that
    > TFTP.EXE would be used in the Windows OS in a kernel functionality. It is
    a mere client
    > utility like FTP.EXE and is used by the Windows PC user as needed.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
  13. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    where is it connecting too.
    --
    --------------------------------------------------------------------------------------------------
    http://webdiary.smh.com.au/archives/_comment/001075.html
    =================================================
    "Prabhat" <not_a_mail@hotmail.com> wrote in message news:OFgmbtXgFHA.2632@TK2MSFTNGP09.phx.gbl...
    >> That file is related to TCP/IP. Have you had any problems with any web
    >> sites if you deny Internet access?
    >
    > Hi, Every time it ask permission to connect to internet I deny. But I never
    > had any problem and later I set the rule in Zonealarm to deny every time.
    > But I just wanted to know If I have not requested then how it will connect
    > to any FTP server?
    >
    >
    >
  14. Archived from groups: microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.general (More info?)

    I don't know and I agree having it at all is a security risk. It is a
    System Protected file. sfc will gripe if it is not there and if all
    permissions are removed on it. But really just leave it where it is.
    Remove the permissions and you almost have it "not there." It avoids sfc
    issues. It's easy to put it back in by allowing permissions to propagate to
    it. That's my suggestion.

    --
    George Hester
    _______________________________
    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:O#0WUM$gFHA.1996@TK2MSFTNGP10.phx.gbl...
    > From: "George Hester" <hesterloli@hotmail.com>
    >
    > | Dave all I ask you to do is try it. Remove the file if you want.
    Install a
    > | Service Pack. It will reappear. Better yet leave it alone. Remove the
    > | permissions from it it's almost the same thing but isn't.
    > |
    > | --
    > | George Hester
    >
    > Well if I delete or rename it, it gets restored. Even w/o installing a
    SP.
    > BTW: I am on Win2K and this happens.
    >
    > I renamed the native TFTP.EXE and dropped a Linksys Read-Only TFTP.EXE
    file and it was still
    > auto-replaced.
    >
    > So if you assert "it is neccessary", then what is it used for ?
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
Ask a new question

Read More

Microsoft Internet Windows XP