Texmod containing a malware trojan

hi,

i'm going for my cartographer title and decided to use texmod since my friend suggested it
i downloaded it on the link at the wiki but when i download i get message that it contains a trojan
any advice what i should do?

if it's used it'll give a warning on anti-spyware scanners about a file called wtf###.pl or something like that, it's just that texmod alters some files in GW, and the anti-spyware see it as spyware lol.

By the way, be sure you downloaded it from a legit place, and not a suspicous link.

I remember seeing this in the texmod thread. It turned out to be some sort of bug that the anti-virus software will pick up on. I am no techie, so I am sure someone will be posting the specifics which you will find more settling. Either way its harmless.

it's about this filename: http://38.118.213.252/7waa9ktmhx+/pe...X6\Texmod.exe\[NsPack]\[ASPack]\[Embedded#30050]

walmare name: Win32:Trojan-gen {Other}

type is virus/worm

it came from filrefront where wiki directed you too

Texmod creates temporary files which are picked up as trojans by some anti virus programs, but are in fact not...

so i won't try to log on one day to find my account has been hacked?
then it'll be fine i guess (:

definately not a threat

It's a false-positive that keeps popping up. I even reported it myself a while back because of the current spate of account thefts.

It's due to the nature of TexMod - because of the way it works, interrupting data between Guild Wars and the display, a lot of malware scanners see it as very trojan-like behaviour.

Yes, your account is safe - but, in the current climate, take extra precautions anyway. Cahnge your password to a strong one - something like gy4$ i(]e5ld; m03-=+f[/ for example.

And now you say it :P I already deleted the textmod, scanned pc, and was about to format...(I had the same problem obviosly :P)

Which AV programs are giving the warnings? I've scanned the texmod I downloaded several months ago with nod32, avast, avg, ad-aware and spybot search & destroy, non have shown warnings.

I have a feeling that it depends on when the malware scan is done. As Miskav and Pamelf pointed out, it's the temporary files tha trigger the alert - wtf213.dll or whatever (wtf = Windows Temporary File, by the way). As these files reside in TEMP and are deleted after use, it's likely that they're not detected at all if the scanner runs when TexMod isn't running.

AVG picked it up for me - will test NOD later by scanning when TexMod's running to see if that does it too.

I've got AVG Free Edition (either the latest or the one before that 7.5, can't remember) and it pops Texmod up as a false positive. It worried me at first but then googling WTF##.tmp fixed that.

Yeah, Mircoshaft knows really well how to name their files.

Edit: Wait, Trojan warning during startup (of Texmod)? I don't get that, just wtf##.tmp's appearing in the daily scan. How odd.

It's funny, but I've had texmod on my PC for one month now and never had a problem, but today I suddenly get the trojan warning like the others have reported when I try to run it. Something is weird here and I think I'll take a break from using it.

Ive been using Texmod a while now and haven't gotten any virus warning but today avast detected a virus mentioned above "Win32:Trojan-gen {Other}"
Probably after a recent definition update. after running Texmod and avast detects it wont run gw.exe there is just a popup window saying "D'OH"

A virus scan afterwards however detects nothing probably because as mentioned above is in a temp directory and doesn't go beyond that.

Edit:Note Texmod runs Gw.exe normally if no tpf file is loaded the virus alert only happens when a tpf file is loaded no matter which one.

That, I suspect, is the answer.

ive been using texmod since the GW modding community started...and tbh im tired of telling people its clean...its clean DAMMIT

it alters files so cheap and tbh...crap scanning software (AVG comes to mind) think it has to be a trojan of some sort

It won't run on my main system either unless I disable AVG's real-time virus protection. Which is fine, if all I'm doing is playing GW. Seems to work if I disable AV, open GW with texmod, then re-enable AV.

ok,so I have used textmod since like almost 1.5year now..and today when I used textmod again..the wtf...thing went up on my screen, so I saw DOH and sh*** happens appear on my screen,so I thought I got the keylogger,but I dont know,so I post here for a answer...

Some viruses activate on a particular day today being U.S Memorial day it seems suspicious but more likely it is caused by a virus definition update. It seems it has suddenly occured today to many people using different av programs so anyone using it should be cautious.

If you want to use Texmod turn anti-virus off until Guild Wars loads or dont use it.

My advice, use Texmod to do your Cartography titles and then put it away - it's too dam glitchy to use for much else. And who knows what version is "clean", when.

As far as the rest of the graphics stuff you can do with it goes, only you can see it anyway, so why bother.