Issues with EXPLORER.EXE and other possibly related problems.


Suniti

I doubt that anybody would have a clue as to what is
afflicting my copy of XP, but I have very few [free]
alternatives. These problems mostly involve strange
programs upon startup that I've never seen before,
extensionless files that somehow repeatedly make their way
into the startup folder and multiple (apparent)
remotely-triggered shutdowns.

First of all, the remote shutdowns have always announced
themselves to me through a dialog box that pops up,
explaining that a "Remote Call Procedure" had abnormally
terminated, an "NT Authority/System" triggering this
shutdown, and that I have 30 seconds to save open files and
close open programs before the shutdown.
Upon restarting the computer, I find two extensionless
files had somehow been placed into the startup folder. The
only reason I noticed this is because Windows brings up a
dialog asking me what program I want to open these files
with. The names of these files begin with TFTP, followed by
three to four numbers. These pairs of files I've found so
far were named as follows: TFTP352 and TFTP2884, TFTP1944
and TFTP1696. (The reason I have two pairs of files listed
is because I had deleted the first set from the startup
folder.)
After a few of these somewhat unexplained shutdowns, I
noticed a few oddities in the "Processes" tab of the task
manager. I regularly open the task manager upon first
reaching the desktop after rebooting to close any annoying
programs that run during startup, so I immediately noticed
a few foreign programs amongst the list. The names of these
files are: TMNTSRV.EXE, PPOE.EXE, SRVANY.EXE, POP3TRAP.EXE,
TMPROXY.EXE.

If anyone has the slightest clue as to what might be going
on with my copy of XP, please let me know.
 
That'd sure alarm me. The first thing I would do is immediately disconnect
any network connections, then I'd run antivirus software, followed by anti
spyware software. Then reboot and run them again.
 
Suniti said:
> I doubt that anybody would have a clue as to what is
> afflicting my copy of XP, but I have very few [free]
> alternatives. These problems mostly involve strange
> programs upon startup that I've never seen before,
> extensionless files that somehow repeatedly make their way
> into the startup folder and multiple (apparent)
> remotely-triggered shutdowns.
>
> First of all, the remote shutdowns have always announced
> themselves to me through a dialog box that pops up,
> explaining that a "Remote Call Procedure" had abnormally
> terminated, an "NT Authority/System" triggering this
> shutdown, and that I have 30 seconds to save open files and
> close open programs before the shutdown.
> Upon restarting the computer, I find two extensionless
> files had somehow been placed into the startup folder. The
> only reason I noticed this is because Windows brings up a
> dialog asking me what program I want to open these files
> with. The names of these files begin with TFTP,

TFTP is a file transfer protocol, not to be confused with FTP. It's often
used to communicate with network hardware like routers and switches.

> followed by
> three to four numbers. These pairs of files I've found so
> far were named as follows: TFTP352 and TFTP2884, TFTP1944
> and TFTP1696. (The reason I have two pairs of files listed
> is because I had deleted the first set from the startup
> folder.)
> After a few of these somewhat unexplained shutdowns, I
> noticed a few oddities in the "Processes" tab of the task
> manager. I regularly open the task manager upon first
> reaching the desktop after rebooting to close any annoying
> programs that run during startup, so I immediately noticed
> a few foreign programs amongst the list. The names of these
> files are:
>
> TMNTSRV.EXE,

PC-cillin Real-time Scan

> PPOE.EXE,

Not sure, can't find this. Are you sure you've spelled it
correctly and it's not actually PPPoE.EXE?

> SRVANY.EXE,

Allows apps to run as a service, it's from the NT4 resource
kit.

> POP3TRAP.EXE,

This is also part of PC-Cillin

> TMPROXY.EXE.

Also part of PC-Cillin. The TM stands for Trend Micro.

> If anyone has the slightest clue as to what might be going
> on with my copy of XP, please let me know.

To start:

I would suggest starting in safe mode and running MSCONFIG, and basically
shutting off anything that starts that is not absolutely needed. Then
reboot normally and go to an online virus site such as
http://housecall.trendmicro.com/. If your installed version of PC-cillin
is corrupted, you'll overcome that with the online scan.

Also download, install and run SpyBot, and consider carefully whatever it
tells you. Let it delete as much as you can.

But, you are running an alternate shell, is that correct? What happens to
the system if you switch back to the default shell? Does it re-stabilize?

HTH
-pk
 
Patrick said:
To start:

I would suggest starting in safe mode and running MSCONFIG, and
basically shutting off anything that starts that is not absolutely
needed. Then reboot normally and go to an online virus site such as
http://housecall.trendmicro.com/. If your installed version of
PC-cillin is corrupted, you'll overcome that with the online scan.

Also download, install and run SpyBot, and consider carefully
whatever it tells you. Let it delete as much as you can.

But, you are running an alternate shell, is that correct? What
happens to the system if you switch back to the default shell? Does
it re-stabilize?

HTH
-pk

If I'm not mistaken, the appearance of TFTP files can also be a symptom of
the Nimda virus.
 
Michael Solomon (MS-MVP Windows Shell/User) said:
If I'm not mistaken, the appearance of TFTP files can also be a symptom of
the Nimda virus.

I found similar symptoms on one of my users' PCs and found
w32.blaster.worm had infected the PC.

Here is the info on it from Symantec's web site.

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

Good luck, I am in the process of scanning and removing it now.
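
The startup-folder check the thread performs by eye can be scripted. This is an added example, not part of any post: the function name `triage_startup_folder` and the sample folder are hypothetical, and the only pattern used is the one the original poster reported (extensionless files named TFTP followed by digits).

```python
import re
import tempfile
from pathlib import Path

# Name pattern taken from the files reported in the thread: "TFTP" + digits.
TFTP_NAME = re.compile(r"^TFTP\d+$", re.IGNORECASE)


def triage_startup_folder(folder):
    """Return (name, reason) for each regular file in a Startup folder that
    has no extension, i.e. the kind of file Windows asks how to open at logon."""
    findings = []
    for entry in sorted(Path(folder).iterdir()):
        # Shortcuts (.lnk), desktop.ini and subfolders are normal Startup content.
        if not entry.is_file() or entry.suffix:
            continue
        if TFTP_NAME.match(entry.name):
            reason = "extensionless TFTP<digits> name, as reported in the thread"
        else:
            reason = "extensionless file in Startup folder"
        findings.append((entry.name, reason))
    return findings


def demo():
    # Constructed sample folder standing in for a real Startup folder.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("TFTP352", "TFTP2884", "notes", "Office.lnk", "desktop.ini"):
            (Path(tmp) / name).write_bytes(b"")
        return triage_startup_folder(tmp)


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

Point it at each user's Startup folder and the All Users one; anything it lists is worth preserving for the antivirus scan rather than simply deleting.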
 