TexMod Virus?! - Guild Wars Forums

NameofSongs · Jan 01, 2009, 09:26 PM // 21:26

Hi there, I'm having issues with using TexMod. I was wondering if anyone can input their insight to this:

So I'm familiar with using TexMod and have used it for mapping and such. Then i stopped for awhile and did vanquishing, and now I had planned to use it again, but it got deleted. So I go on wiki and download it from there. Now I know that virus scanners will say it's a Trojan because what it does is modify the textures of the game, and my virus scan didn't have a problem with it running. Then when i tried using it recently, my virus scan said a Trojan has been removed and it was named pwsmmorpg gen, or something like that. I looked it up on the web and McAfee said that it can send vital info like passwords and such to remote websites. I was thinking that wiki's TexMod had a virus, so i try downloading from somewhere else and try running it, but my virus scan still says it removes the same trojan and the D'OH error message comes up with "Shit Happened.".

So if anyone could let me know if this is normal and okay, or if it is something serious and I shouldn't run it, then that would be very much appreciated! ^^
I also thought about disabling my virus protection, but I figured that's a very risky move, and will use it as a last resort. Thanks again!

own age myname · Jan 01, 2009, 10:02 PM // 22:02

That use to happen to me too. If you using Norton, that's probably why. I have no idea why it did that to me either...

Mister_Smiley · Jan 01, 2009, 10:03 PM // 22:03

sounds like its not only a virus but a CD key logger which will still your account information so someone can get into it and take verything. But i could be wrong.

Chthon · Jan 01, 2009, 10:22 PM // 22:22

1. A legit copy of texmod is 100% safe.

2. A legit copy of texmod often triggers a false-positive with virus scanners because its behavior is very similar to what a virus would do to peek into the games you're running. Each time the anti-virus company adds a virus with similar behavior to their virus definitions, there's a chance that texmod will be detected as that virus.

Some anti-virus makers allow users to submit files they think are false positives so that they can do a human review of the file and fix their definitions if it's really a false positive. For instance, I personally submitted a legit copy of texmod to Avira a few months ago, and they fixed the false positive within a few days.

3. An altered version of texmod could carry any sort of maliciousness.

4. Try http://virusscan.jotti.org/ to run a comparative virus scan. If your copy of texmod comes up as a virus on most or all of the scans, it's probably been altered; If it comes up clean on most the scans, your antivirus is probably giving you a false positive.

Empress Amarox · Jan 01, 2009, 10:24 PM // 22:24

I've never gotten any warnings. o_O

Quote:

Originally Posted by Chthon

4. Try http://virusscan.jotti.org/ to run a comparative virus scan. If your copy of texmod comes up as a virus on most or all of the scans, it's probably been altered; If it comes up clean on most the scans, your antivirus is probably giving you a false positive.

Compare md5?

ShoGunTheOne · Jan 02, 2009, 02:17 AM // 02:17

it sometimes can be detected as an Invader, as it uses another exe in the program, but it's just a false alarm

tenetke · Jan 02, 2009, 02:55 AM // 02:55

Just as a note MD5 isn't entirely secure. People take checksums way to seriously, you can check exactly what any program is doing though by using your terminal.

Zidane Ortef · Jan 02, 2009, 03:01 AM // 03:01

Its more then likely Norton in one of the recent virus updates a few months back made it flag as a virus all you need to do is go into your Antivirus and find where you can exclude a folder from the scan tell it to not look into the folder where you keep texmod and it will remain there from now on.

Empress Amarox · Apr 20, 2009, 08:05 PM // 20:05

I figured I'd bump this.

A couple days ago my AVG came up with a warning that texmod.exe was doing something or other with my svchost.exe and labeled it as Packed/NSPack (I hadn't played GW for weeks, so it certainly shouldn't have been doing anything!). So, paranoid as I am, I deleted texmod.

Awhile after this, some more warnings came up and they listed as files in my E System Volume Information, where I have GW installed - System Volume Information is System Restore files. 3 things popped up from there, so it's very likely that texmod is doing something awry.

Other than this there's pretty much no way I would have a virus. I'm fairly certain I have eliminated it now though. I right clicked My Computer and selected Properties then System Restore and turned off system restore, then rebooted. It deletes all data stored in the System Volume Information, including any Virii that may have still been there.

And my texmod was an OLD version back before there were scares of it being infected with anything...

Edit: I should also mention my account hasn't been compromised. But then again, that doesn't really mean much. I literally have never typed my password...

I generate them here: http://rumkin.com/tools/password/pass_gen.php
And use this: http://passwordsafe.sourceforge.net/

So, yeah...

refer · Apr 20, 2009, 11:38 PM // 23:38

Quote:

Originally Posted by own age myname

That use to happen to me too. If you using Norton, that's probably why. I have no idea why it did that to me either...

Try NOD32 or Avira. Those are really good ones. AVG or Avira free if you want free.

Jan 01, 2009, 09:26 PM // 21:26	#1
NameofSongs Academy Page Join Date: Mar 2008 Guild: Will You Please [STFU] Profession: Mo/	TexMod Virus?! Hi there, I'm having issues with using TexMod. I was wondering if anyone can input their insight to this: So I'm familiar with using TexMod and have used it for mapping and such. Then i stopped for awhile and did vanquishing, and now I had planned to use it again, but it got deleted. So I go on wiki and download it from there. Now I know that virus scanners will say it's a Trojan because what it does is modify the textures of the game, and my virus scan didn't have a problem with it running. Then when i tried using it recently, my virus scan said a Trojan has been removed and it was named pwsmmorpg gen, or something like that. I looked it up on the web and McAfee said that it can send vital info like passwords and such to remote websites. I was thinking that wiki's TexMod had a virus, so i try downloading from somewhere else and try running it, but my virus scan still says it removes the same trojan and the D'OH error message comes up with "Shit Happened.". So if anyone could let me know if this is normal and okay, or if it is something serious and I shouldn't run it, then that would be very much appreciated! ^^ I also thought about disabling my virus protection, but I figured that's a very risky move, and will use it as a last resort. Thanks again!

Jan 01, 2009, 10:03 PM // 22:03	#3
Mister_Smiley Wilds Pathfinder Join Date: Mar 2006	Logger sounds like its not only a virus but a CD key logger which will still your account information so someone can get into it and take verything. But i could be wrong. Last edited by Mister_Smiley; Jan 01, 2009 at 10:06 PM // 22:06..

Apr 20, 2009, 08:05 PM // 20:05	#9
Empress Amarox Krytan Explorer Join Date: Dec 2008 Location: Above you. Profession: Mo/W	I figured I'd bump this. A couple days ago my AVG came up with a warning that texmod.exe was doing something or other with my svchost.exe and labeled it as Packed/NSPack (I hadn't played GW for weeks, so it certainly shouldn't have been doing anything!). So, paranoid as I am, I deleted texmod. Awhile after this, some more warnings came up and they listed as files in my E System Volume Information, where I have GW installed - System Volume Information is System Restore files. 3 things popped up from there, so it's very likely that texmod is doing something awry. Other than this there's pretty much no way I would have a virus. I'm fairly certain I have eliminated it now though. I right clicked My Computer and selected Properties then System Restore and turned off system restore, then rebooted. It deletes all data stored in the System Volume Information, including any Virii that may have still been there. And my texmod was an OLD version back before there were scares of it being infected with anything... Edit: I should also mention my account hasn't been compromised. But then again, that doesn't really mean much. I literally have never typed my password... I generate them here: http://rumkin.com/tools/password/pass_gen.php And use this: http://passwordsafe.sourceforge.net/ So, yeah... Last edited by Empress Amarox; Apr 20, 2009 at 08:14 PM // 20:14..

Jan 01, 2009, 10:02 PM // 22:02	#2
own age myname Desert Nomad Join Date: Sep 2007 Location: Minnesota Guild: [TAS] Profession: R/	That use to happen to me too. If you using Norton, that's probably why. I have no idea why it did that to me either...

Jan 01, 2009, 10:22 PM // 22:22	#4
Chthon Grotto Attendant Join Date: Apr 2007	1. A legit copy of texmod is 100% safe. 2. A legit copy of texmod often triggers a false-positive with virus scanners because its behavior is very similar to what a virus would do to peek into the games you're running. Each time the anti-virus company adds a virus with similar behavior to their virus definitions, there's a chance that texmod will be detected as that virus. Some anti-virus makers allow users to submit files they think are false positives so that they can do a human review of the file and fix their definitions if it's really a false positive. For instance, I personally submitted a legit copy of texmod to Avira a few months ago, and they fixed the false positive within a few days. 3. An altered version of texmod could carry any sort of maliciousness. 4. Try http://virusscan.jotti.org/ to run a comparative virus scan. If your copy of texmod comes up as a virus on most or all of the scans, it's probably been altered; If it comes up clean on most the scans, your antivirus is probably giving you a false positive.

Jan 02, 2009, 02:17 AM // 02:17	#6
ShoGunTheOne Banned Join Date: Sep 2007 Location: Undercity Guild: 泰瑞亚联盟 Profession: E/	it sometimes can be detected as an Invader, as it uses another exe in the program, but it's just a false alarm

Jan 02, 2009, 02:55 AM // 02:55	#7
tenetke Ascalonian Squire Join Date: Mar 2008 Guild: Nights of Fortune Profession: W/R	Just as a note MD5 isn't entirely secure. People take checksums way to seriously, you can check exactly what any program is doing though by using your terminal.

Jan 02, 2009, 03:01 AM // 03:01	#8
Zidane Ortef Site Contributor Join Date: Dec 2006 Location: Martinsburg, WV Guild: Scions of Carver [SCAR]/Trinity Of The Ascended [ToA] Profession: W/	Its more then likely Norton in one of the recent virus updates a few months back made it flag as a virus all you need to do is go into your Antivirus and find where you can exclude a folder from the scan tell it to not look into the folder where you keep texmod and it will remain there from now on.