TexMod Trojan

My Symantec Antivirus just found a trojan horse in the texmod.exe file. I downloaded the file from the wiki link probably over a year ago, and until today have had no problems with it.

EDIT: Not entirely sure if this is the name, but it may be: Bloodhound.Exploit.196

Just a word of warning to everyone who uses this program to make sure your anti-virus is configured properly to catch such things.



Edit: Added picture, added name.

What was the name of the Trojan that was found? Symantec has been known to give false positives.

It's not a trojan. (especially not if you got it a year ago!)

First off, Symnatec is one of the worst Anti-Virus's around. Get SymRT and remove it, and then install Custom Minimal install Avast or Avira.

Second off, the reason it isn't a trojan is because Symnatec reports anything that modifies anything else as a trojan. In this case, TexMod modifies your Gw.exe and it intercepts your DirectX and tells it to change textures to other textures, so Symnatec rather than being a good AV and actually trying to find a real trojan, just tries to act cool and tell you it found one when it hasn't.

While it's possible you got a trojan that is effecting your Texmod.exe from a random site etc, it's such an underused program that this is unlikely and it's just Symnatec sucking badly again.

Came up clean on Kaspersky.

http://img514.imageshack.us/img514/3505/cleanbp9.jpg

No, it is a trojan. It is not a false positive. In fact it is positively false that it is not a false positive. I am 100% positive that my words are false but positive that it is not a false positive. Because being positively false results in false positives that are not false.

Nice one Rusty, lulz

Get AVG, its where its at.

Should this thread be stickied?

The problem is that I'm at a university that validates your computer when it boots up and has to approve your machine before it can connect to the internet. Symantec is unfortunately required for this approval so I'm stuck with it

Regardless of whether it's an actual trojan or not, anything we should be worried about on our computers?

Rusty made me laugh

Umm.... . . . What? That post just implanted a Trojan in my brain. Im pretty positive that my brain is experiencing Blue Screen of Death.
reboot in 20...19...

You should be worried about being forced to use Symnatec.

wow, sucks to be you. my university just requires you to have a clean pc, and offers symantec for free. i kept on using AVG instead.

Make Rusty use symantec as punishment

IIRC, texmod is packed excutable which is suspicious to some AV's, but is no sign of any trouble (except that its programer does not live in 21st century and thinks that shrinking executable by couple of kbs when its gonna get zipped anyway is worth trouble.)

(BTW: I'd love to be guy who sold your university on idea of making that one product compulsory. His "bonus" from Symatec would have been impressive. Unless he thought it was actually good idea, in which case he is dumber than tire.)

hahah yeah, i spent like a whole minute working that out

This is not a Trojan. What DarkNecrid said is QFT.

Okay, posted this a few times but here it is again;

TexMod is not a trojan. Never was. The problem is the way it accesses the game files. Bad anti-virus software thinks that it is a trojan because of it, and shows up a false positive. So, nothing to worry about, despite what the anti-virus says.

Now as a follow up, if your anti-virus is reporting this, I recommend changing it. From my experience with anti virus software (I've tried almost all of them) there are 2-3 GOOD options. These are;

1) NOD32. Best you can get, hands down. Uses tiny amounts of RAM, detects everything, scans faster than anything. Isn't free though.
2) Avira. Free! Also uses little RAM, fast scan, almost perfect detection. Free!
3) avast!. Little RAM, fast scan, high detection, etc etc, just not as good as Avira.

And on the other side of the scale;

1) Norton. Worst thing ever invented. Ruins your computer, then refuses to let you fix it.
2) Symantec. Similarly to Norton, refuses to let you remove itself. Gah, can't even explain how bad it is. Oh wait, yes I can, with this google search!

Real picture, no photoshop;



Their website is probably the best database of viruses/spyware/malware, just a shame their program is about as good as dealing with them as an aborted fetus is at breathing.

3) Microsoft Defender. Bad. Just bad.


So in summary, if you can get NOD32 (either pay, or get it the other way, wink wink nudge nudge etc), you'll be set. If not, Avira is the best choice you can make, as it's free and nothing beats it.

As a closing note, ignore people who say AVG is the best. They just haven't tried a GOOD anti-virus yet.

I'm going to go out on a limb here and say that there is a very real possibility that he did get a trojan from Texmod. While I'm sure most downloads of Texmod are clean the fact that it came from a link on the wiki adds a small chance that someone edited the wiki to replace the usual file with a malware infected file. Judging by the fact that this seems to be an issue no one else here has had might mean that the malicious edit was removed quickly.

Alternatively, the Trojan could still be real but not have originated from Texmod, and merely have spread itself from some other malicious executable.

I was happily running NOD - the Winky-wink version (since I also heard that it was super-dooper sweet!) until my I-connection pretty much stopped working.
I bug my I-provider and they tell me they are blocking my ass because of the insane amounts of viruses on my PC.
So I check the thing with NOD and the guy didn't find a single thing.

I run AVG and the guy did actually find stuff and my I-connection went back to working as it should.


Avira does sound interesting.

Edit:
Wait.
Enhanced email protection for POP3 and SMTP - unchecked in the free version.
So no POP3 email scanning then in the free version?

its been known to be a 'trojan' becuase it must be to do with poking around with the gw client. People have had these problems since it was first released. If you get the one from wiki.guildwars.com its perfectly safe; if someone changed it we would notice.

This. So don't worry, you're safe. If you had searched the forums first, you may have figured that out quicker.