 |
|
Oct 27, 2008, 03:40 AM // 03:40
|
#1 |
|
Silence and Motion
Join Date: Jul 2006
Location: Buffalo NY
Guild: New Horizon [NH]
|
TexMod Trojan
My Symantec Antivirus just found a trojan horse in the texmod.exe file. I downloaded the file from the wiki link probably over a year ago, and until today have had no problems with it.
EDIT: Not entirely sure if this is the name, but it may be: Bloodhound.Exploit.196 Just a word of warning to everyone who uses this program to make sure your anti-virus is configured properly to catch such things.  Edit: Added picture, added name. Last edited by Ariena Najea; Oct 27, 2008 at 03:46 AM // 03:46.. |
|
|
|
Oct 27, 2008, 03:42 AM // 03:42
|
#2 |
|
The Humanoid Typhoon
Join Date: May 2005
Location: UK
Guild: Servants of Fortuna [SoF]
Profession: R/
|
What was the name of the Trojan that was found? Symantec has been known to give false positives.
__________________
 Guru Event Guide Editor |
|
|
|
|
Oct 27, 2008, 03:50 AM // 03:50
|
#3 |
|
Furnace Stoker
Join Date: Jul 2006
|
It's not a trojan. (especially not if you got it a year ago!)
First off, Symnatec is one of the worst Anti-Virus's around. Get SymRT and remove it, and then install Custom Minimal install Avast or Avira. Second off, the reason it isn't a trojan is because Symnatec reports anything that modifies anything else as a trojan. In this case, TexMod modifies your Gw.exe and it intercepts your DirectX and tells it to change textures to other textures, so Symnatec rather than being a good AV and actually trying to find a real trojan, just tries to act cool and tell you it found one when it hasn't. While it's possible you got a trojan that is effecting your Texmod.exe from a random site etc, it's such an underused program that this is unlikely and it's just Symnatec sucking badly again. |
|
|
|
|
Oct 27, 2008, 03:51 AM // 03:51
|
#4 |
|
Forge Runner
Join Date: Feb 2006
Guild: Kindred Order of Souls [KOS]
|
Came up clean on Kaspersky.
http://img514.imageshack.us/img514/3505/cleanbp9.jpg |
|
|
|
|
Oct 27, 2008, 04:19 AM // 04:19
|
#5 |
|
Banned
Join Date: Jan 2006
Location: Bermuda Triangle
Profession: W/
|
No, it is a trojan. It is not a false positive. In fact it is positively false that it is not a false positive. I am 100% positive that my words are false but positive that it is not a false positive. Because being positively false results in false positives that are not false.
|
|
|
|
|
Oct 27, 2008, 04:36 AM // 04:36
|
#6 |
|
Lion's Arch Merchant
Join Date: May 2008
Location: USA
Profession: W/Mo
|
Nice one Rusty, lulz
Get AVG, its where its at. |
|
|
|
|
Oct 27, 2008, 04:41 AM // 04:41
|
#7 |
|
Jungle Guide
Join Date: May 2005
|
Should this thread be stickied?
|
|
|
|
|
Oct 27, 2008, 04:55 AM // 04:55
|
#8 |
|
Silence and Motion
Join Date: Jul 2006
Location: Buffalo NY
Guild: New Horizon [NH]
|
The problem is that I'm at a university that validates your computer when it boots up and has to approve your machine before it can connect to the internet. Symantec is unfortunately required for this approval so I'm stuck with it
 Regardless of whether it's an actual trojan or not, anything we should be worried about on our computers? Rusty made me laugh 
|
|
|
|
|
Oct 27, 2008, 04:57 AM // 04:57
|
#9 | |
|
Jungle Guide
Join Date: Aug 2008
Location: In my own mind
Guild: The Dragon Exchange
Profession: E/
|
Quote:
Umm.... . . . What? That post just implanted a Trojan in my brain. Im pretty positive that my brain is experiencing Blue Screen of Death. reboot in 20...19... |
|
|
|
|
|
Oct 27, 2008, 05:08 AM // 05:08
|
#10 | |
|
Furnace Stoker
Join Date: Jul 2006
|
Quote:
|
|
|
|
|
|
Oct 27, 2008, 05:46 AM // 05:46
|
#11 |
|
Frost Gate Guardian
Join Date: Aug 2007
Profession: A/
|
wow, sucks to be you. my university just requires you to have a clean pc, and offers symantec for free. i kept on using AVG instead.
|
|
|
|
|
Oct 27, 2008, 05:49 AM // 05:49
|
#12 |
|
Forge Runner
Join Date: Sep 2006
Location: AZ
|
Make Rusty use symantec as punishment
|
|
|
|
|
Oct 27, 2008, 08:15 AM // 08:15
|
#13 |
|
Grotto Attendant
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
|
IIRC, texmod is packed excutable which is suspicious to some AV's, but is no sign of any trouble (except that its programer does not live in 21st century and thinks that shrinking executable by couple of kbs when its gonna get zipped anyway is worth trouble.)
(BTW: I'd love to be guy who sold your university on idea of making that one product compulsory. His "bonus" from Symatec would have been impressive. Unless he thought it was actually good idea, in which case he is dumber than tire.) |
|
|
|
|
Oct 27, 2008, 08:25 AM // 08:25
|
#14 | |
|
Desert Nomad
Join Date: Feb 2007
Profession: Mo/W
|
Quote:
|
|
|
|
|
|
Oct 27, 2008, 08:46 AM // 08:46
|
#15 |
|
Frost Gate Guardian
Join Date: Nov 2006
|
This is not a Trojan. What DarkNecrid said is QFT.
|
|
|
|
|
Oct 27, 2008, 11:47 AM // 11:47
|
#16 |
|
Major-General Awesome
Join Date: Aug 2005
Location: Aussie Trolling Crew HQ - Event Organiser and IRC Tiger
Guild: Ex Talionis [Law], Trinity of the Ascended [ToA] ̖̊̋̌̍̎̊̋&#
Profession: W/
|
Okay, posted this a few times but here it is again;
TexMod is not a trojan. Never was. The problem is the way it accesses the game files. Bad anti-virus software thinks that it is a trojan because of it, and shows up a false positive. So, nothing to worry about, despite what the anti-virus says. Now as a follow up, if your anti-virus is reporting this, I recommend changing it. From my experience with anti virus software (I've tried almost all of them) there are 2-3 GOOD options. These are; 1) NOD32. Best you can get, hands down. Uses tiny amounts of RAM, detects everything, scans faster than anything. Isn't free though. 2) Avira. Free! Also uses little RAM, fast scan, almost perfect detection. Free! 3) avast!. Little RAM, fast scan, high detection, etc etc, just not as good as Avira. And on the other side of the scale; 1) Norton. Worst thing ever invented. Ruins your computer, then refuses to let you fix it. 2) Symantec. Similarly to Norton, refuses to let you remove itself. Gah, can't even explain how bad it is. Oh wait, yes I can, with this google search! Real picture, no photoshop; Their website is probably the best database of viruses/spyware/malware, just a shame their program is about as good as dealing with them as an aborted fetus is at breathing. 3) Microsoft Defender. Bad. Just bad. So in summary, if you can get NOD32 (either pay, or get it the other way, wink wink nudge nudge etc), you'll be set. If not, Avira is the best choice you can make, as it's free and nothing beats it. As a closing note, ignore people who say AVG is the best. They just haven't tried a GOOD anti-virus yet.
__________________
I came when I heard you'd beaten the ELITE FOUR.
 |
|
|
|
|
Oct 27, 2008, 12:43 PM // 12:43
|
#17 |
|
Ascalonian Squire
Join Date: Jan 2006
Guild: Riddle Of Kings
Profession: Mo/
|
I'm going to go out on a limb here and say that there is a very real possibility that he did get a trojan from Texmod. While I'm sure most downloads of Texmod are clean the fact that it came from a link on the wiki adds a small chance that someone edited the wiki to replace the usual file with a malware infected file. Judging by the fact that this seems to be an issue no one else here has had might mean that the malicious edit was removed quickly.
Alternatively, the Trojan could still be real but not have originated from Texmod, and merely have spread itself from some other malicious executable. |
|
|
|
|
Oct 27, 2008, 12:45 PM // 12:45
|
#18 | |
|
Grotto Attendant
Join Date: Mar 2006
Location: Done.
Guild: [JUNK]
|
Quote:
I bug my I-provider and they tell me they are blocking my ass because of the insane amounts of viruses on my PC. So I check the thing with NOD and the guy didn't find a single thing. I run AVG and the guy did actually find stuff and my I-connection went back to working as it should. Avira does sound interesting. Edit: Wait. Enhanced email protection for POP3 and SMTP - unchecked in the free version. So no POP3 email scanning then in the free version? |
|
|
|
|
|
Oct 27, 2008, 01:50 PM // 13:50
|
#19 |
|
Forge Runner
Join Date: Dec 2006
Guild: The Overacheivers [Club]
Profession: Mo/
|
its been known to be a 'trojan' becuase it must be to do with poking around with the gw client. People have had these problems since it was first released. If you get the one from wiki.guildwars.com its perfectly safe; if someone changed it we would notice.
|
|
|
|
|
Oct 27, 2008, 02:06 PM // 14:06
|
#20 | |
|
EXCESSIVE FLUTTERCUSSING
Join Date: Mar 2007
Guild: SMS (lolgw2placeholder)
Profession: Me/
|
Quote:
__________________
All seems lost now, but still we must fight on. |
|
|
|
|
 |
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| N1ghtstalker | Questions & Answers | 26 | Jan 06, 2011 07:15 PM // 19:15 | |
| Texmod and wtf*.tmp trojan horse | hyunsik | Questions & Answers | 36 | Apr 29, 2009 07:52 PM // 19:52 |
| ok did I kill the trojan? | crazybanshee | Software | 14 | Sep 09, 2008 09:36 PM // 21:36 |
| Age | Software | 42 | Aug 08, 2008 04:00 AM // 04:00 | |
All times are GMT. The time now is 06:13 AM // 06:13.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("