TexMod Trojan

1 pages Page 1
Ariena Najea
Ariena Najea
Silence and Motion
#1
My Symantec Antivirus just found a trojan horse in the texmod.exe file. I downloaded the file from the wiki link probably over a year ago, and until today have had no problems with it.

EDIT: Not entirely sure if this is the name, but it may be: Bloodhound.Exploit.196

Just a word of warning to everyone who uses this program to make sure your anti-virus is configured properly to catch such things.



Edit: Added picture, added name.
RTSFirebat
RTSFirebat
The Humanoid Typhoon
#2
What was the name of the Trojan that was found? Symantec has been known to give false positives.
D
DarkNecrid
Furnace Stoker
#3
It's not a trojan. (especially not if you got it a year ago!)

First off, Symnatec is one of the worst Anti-Virus's around. Get SymRT and remove it, and then install Custom Minimal install Avast or Avira.

Second off, the reason it isn't a trojan is because Symnatec reports anything that modifies anything else as a trojan. In this case, TexMod modifies your Gw.exe and it intercepts your DirectX and tells it to change textures to other textures, so Symnatec rather than being a good AV and actually trying to find a real trojan, just tries to act cool and tell you it found one when it hasn't.

While it's possible you got a trojan that is effecting your Texmod.exe from a random site etc, it's such an underused program that this is unlikely and it's just Symnatec sucking badly again.
xRustyx
xRustyx
Banned
#5
No, it is a trojan. It is not a false positive. In fact it is positively false that it is not a false positive. I am 100% positive that my words are false but positive that it is not a false positive. Because being positively false results in false positives that are not false.
Bobulation
Bobulation
Lion's Arch Merchant
#6
Nice one Rusty, lulz

Get AVG, its where its at.
Kashrlyyk
Kashrlyyk
Jungle Guide
#7
Should this thread be stickied?
Ariena Najea
Ariena Najea
Silence and Motion
#8
The problem is that I'm at a university that validates your computer when it boots up and has to approve your machine before it can connect to the internet. Symantec is unfortunately required for this approval so I'm stuck with it

Regardless of whether it's an actual trojan or not, anything we should be worried about on our computers?

Rusty made me laugh
daze
daze
Jungle Guide
#9
Quote:
Originally Posted by xRustyx View Post
No, it is a trojan. It is not a false positive. In fact it is positively false that it is not a false positive. I am 100% positive that my words are false but positive that it is not a false positive. Because being positively false results in false positives that are not false.

Umm.... . . . What? That post just implanted a Trojan in my brain. Im pretty positive that my brain is experiencing Blue Screen of Death.
reboot in 20...19...
D
DarkNecrid
Furnace Stoker
#10
Quote:
Originally Posted by Ariena Najea View Post
The problem is that I'm at a university that validates your computer when it boots up and has to approve your machine before it can connect to the internet. Symantec is unfortunately required for this approval so I'm stuck with it

Regardless of whether it's an actual trojan or not, anything we should be worried about on our computers?

Rusty made me laugh
You should be worried about being forced to use Symnatec.
V
Valcion
Frost Gate Guardian
#11
wow, sucks to be you. my university just requires you to have a clean pc, and offers symantec for free. i kept on using AVG instead.
L
Lycan Nibbler
Forge Runner
#12
Make Rusty use symantec as punishment
zwei2stein
zwei2stein
Grotto Attendant
#13
IIRC, texmod is packed excutable which is suspicious to some AV's, but is no sign of any trouble (except that its programer does not live in 21st century and thinks that shrinking executable by couple of kbs when its gonna get zipped anyway is worth trouble.)

(BTW: I'd love to be guy who sold your university on idea of making that one product compulsory. His "bonus" from Symatec would have been impressive. Unless he thought it was actually good idea, in which case he is dumber than tire.)
W
Wish Swiftdeath
Desert Nomad
#14
Quote:
Originally Posted by daze View Post
Umm.... . . . What? That post just implanted a Trojan in my brain. Im pretty positive that my brain is experiencing Blue Screen of Death.
reboot in 20...19...
hahah yeah, i spent like a whole minute working that out
v
vdz
Frost Gate Guardian
#15
This is not a Trojan. What DarkNecrid said is QFT.
fenix
fenix
Major-General Awesome
#16
Okay, posted this a few times but here it is again;

TexMod is not a trojan. Never was. The problem is the way it accesses the game files. Bad anti-virus software thinks that it is a trojan because of it, and shows up a false positive. So, nothing to worry about, despite what the anti-virus says.

Now as a follow up, if your anti-virus is reporting this, I recommend changing it. From my experience with anti virus software (I've tried almost all of them) there are 2-3 GOOD options. These are;

1) NOD32. Best you can get, hands down. Uses tiny amounts of RAM, detects everything, scans faster than anything. Isn't free though.
2) Avira. Free! Also uses little RAM, fast scan, almost perfect detection. Free!
3) avast!. Little RAM, fast scan, high detection, etc etc, just not as good as Avira.

And on the other side of the scale;

1) Norton. Worst thing ever invented. Ruins your computer, then refuses to let you fix it.
2) Symantec. Similarly to Norton, refuses to let you remove itself. Gah, can't even explain how bad it is. Oh wait, yes I can, with this google search!

Real picture, no photoshop;



Their website is probably the best database of viruses/spyware/malware, just a shame their program is about as good as dealing with them as an aborted fetus is at breathing.

3) Microsoft Defender. Bad. Just bad.


So in summary, if you can get NOD32 (either pay, or get it the other way, wink wink nudge nudge etc), you'll be set. If not, Avira is the best choice you can make, as it's free and nothing beats it.

As a closing note, ignore people who say AVG is the best. They just haven't tried a GOOD anti-virus yet.
E
Emu
Ascalonian Squire
#17
I'm going to go out on a limb here and say that there is a very real possibility that he did get a trojan from Texmod. While I'm sure most downloads of Texmod are clean the fact that it came from a link on the wiki adds a small chance that someone edited the wiki to replace the usual file with a malware infected file. Judging by the fact that this seems to be an issue no one else here has had might mean that the malicious edit was removed quickly.

Alternatively, the Trojan could still be real but not have originated from Texmod, and merely have spread itself from some other malicious executable.
upier
upier
Grotto Attendant
#18
Quote:
Originally Posted by fenix View Post
So in summary, if you can get NOD32 (either pay, or get it the other way, wink wink nudge nudge etc), you'll be set. If not, Avira is the best choice you can make, as it's free and nothing beats it.

As a closing note, ignore people who say AVG is the best. They just haven't tried a GOOD anti-virus yet.
I was happily running NOD - the Winky-wink version (since I also heard that it was super-dooper sweet!) until my I-connection pretty much stopped working.
I bug my I-provider and they tell me they are blocking my ass because of the insane amounts of viruses on my PC.
So I check the thing with NOD and the guy didn't find a single thing.

I run AVG and the guy did actually find stuff and my I-connection went back to working as it should.


Avira does sound interesting.

Edit:
Wait.
Enhanced email protection for POP3 and SMTP - unchecked in the free version.
So no POP3 email scanning then in the free version?
BenjZee
BenjZee
Forge Runner
#19
its been known to be a 'trojan' becuase it must be to do with poking around with the gw client. People have had these problems since it was first released. If you get the one from wiki.guildwars.com its perfectly safe; if someone changed it we would notice.
Kattar
Kattar
EXCESSIVE FLUTTERCUSSING
#20
Quote:
Originally Posted by SmithyBen
its been known to be a 'trojan' becuase it must be to do with poking around with the gw client. People have had these problems since it was first released. If you get the one from wiki.guildwars.com its perfectly safe; if someone changed it we would notice.
This. So don't worry, you're safe. If you had searched the forums first, you may have figured that out quicker.