Texmod and wtf*.tmp trojan horse

I'm getting new trojans called wtf*.tmp (*=insert random number/alphabet here)everytime i load texmod with tyria&GW:EN cartographer made easy tpf.
its not the texmod that gets triggered by antivirus program, but the trojan files i keep getting after loading texmod O.o those wtf#.tmp files in my /temp folder
(btw the files are getting classified as: trojan horse PSW.lineage.AGX)

anyone else getting them?

Yeah I got the same problem with them. Pretty anoying

well Texmod is a trojan, it opens up and uses stuff from your dat file.

wtf = Windows Temporary File
.tmp = temporary file extension
The number is a random hex number

These files aren't trojans, they are just temporary file used by texmod. The ability to create these files is part of Windows, and any application can do that. These files should be automatically deleted if you properly close the GW and texmod. If not, you can safely delete them.

See official document.

thank you for the reply =]
now i can play chart the world with peace of mind.

wtf is txmod? i keep hearing about it, but don't know what it is?

Texmod is a program that allows one to modify textures within Guild Wars, as well as many other games, to give items a more unique appearance. The modifications are only visible to the person running Texmod, and not to anyone else. Several users have made mods that reskin the UI, assist with cartography, change weapon and armor appearance, and so much more.

http://wiki.guildwars.com/wiki/Guide...-game_graphics
http://wiki.guildwars.com/wiki/Guide..._modifications

lol, I just had that happen. I googled the name of the trojan and ended up here. How ironic.

One question: Did you download it from the link on the official wiki or not?

I downloaded it from Wiki, and got a trojan. Psw.lineage.agx

So I figured I had a bad copy, and redownloaded it.
Same trojan.

Did a search, ended up here. Wouldn't mind knowing if it's just another false positive.

sorry for necroing such an old thread.

just got the same trojan, however I checked the virus on a virus database, and it says:

This Trojan is one of a family of Trojans which steals user passwords. It is a Windows PE EXE file. It is 52 925 bytes in size. It is packed using FSG.

now thinking i need to change my passwords.

any advice.

is this a false positive or what?

My advice is that if you can't tell the difference between a trojan and a false positive, you probably should not be messing with things like Texmod.

Question 1: Did you download Texmod from the official source?
Question 2: What scanner gave you the trojan warning?
Question 3: What "database" gave you the information?
Question 4: Did you search for the .exe with the 52925 byte size in question?
Question 5: If you did, where was it located?
Question 6: Download anything else recently? Open any email attachments? Using p2p applications?

Nope, incorrect, texmod is a 3rd party program, not a "trojan". Trojans are badware that act against you, texmod does what it says on the box.

Kumu Honua's questions are all reasonable. Make sure you get texmod and the associated GW add-ons from official websites:
http://wiki.guildwars.com/wiki/Guide...-game_graphics

The legit and official version does not have any kind of problems. IF you had a problem, it means you got the wrong program.

It's important to note that some scanners will detect texmod as a false positive because of what it does.

I've been using texmod forever and for some reason today I started getting the virus alerts. I would assume it's a false positive but I'm not one to take chances with my account. It's the same mods I've been running for months so thats why I'm puzzled as to why these are just now getting alerts.

the temp file that is created while you are using texmod is usually deleted when gw is closed, however; if for some reason ----it closes wrong/early/disconnect etc the file may not be deleted...and thus when your virus scan scans it will pick it up....I have had this problem on the occasions when I err 5, 7...etc and the next virus scan finds the temp file still there- what I do when I get these errors is make sure when I am done for the day I check my temp folder and see if the that file is there---if so I just delete it (since it should have been deleted).......however!!!! if the temp file is not the normal size ( and you will know what that is--if you use texmod check out your temp folder and see what it is on a couple of days mine is about 235kb).....then you might want to get paranoid and believe that you truly do have a trojan ------and let the virus scan do its job (and then change your passwords etc)....

I put a link to a SS of what happens as of today when i try to run Texmod. It only started doing this today, I ran it last night with no problems at all, and I have used the same mod for months. I'm real paranoid when it comes to things like this cause I've spent 10,108 hours on my account and I'm not about to lose that to a key logger.

http://i17.photobucket.com/albums/b5...Virusalert.jpg

http://www.avira.com/en/threats/sect...x=0&image2.y=0

Lineage.axrx doesn't even appear in their virus database.

Here's what I would do if you are paranoid: Uninstall Texmod and delete all associated files. Run virus scan to verify you are clean. Change your passwords. Do not re-download Texmod.

You can adjust the above to fit your level of paranoia.

False positives are rampant in the world of anti-virus scanners. Some companies are quick to fix when you send files to them to verify some are not.

Paranoia is the only true anti-virus.

Sometimes files that aren't trojans appear to be. Hopefully that is the issue.

Do you guys use AVG? If so, don't. a) it's bad b) it's making false positives.

Get Avira for free or pay for NOD32 imo