|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
05-11-2003, 01:45 PM
|
#1 |
|
Member (8 bit)
Join Date: Jun 2002
Location: SouthCentralTexas
Posts: 238
|
tcposmod.exe??????
I noticed that my pc starts up with a program called TCPOSMOD.EXE and I have no clue what this prog is? I cannot not even find much info on web about this. I have found about 3 links to this name and its in a language I cannot read. Can somebody help me?? BTW I run WindowsXP Pro with SP1.. Thanks!!!!!!!!!!!1
|
|
|
|
05-11-2003, 02:06 PM
|
#2 |
|
Member (14 bit)
Premium Member
Join Date: Jan 2002
Location: The Great NorthWest
Posts: 12,594
|
I couldn't find anything on it either... I did find one link in English, but it turned out to be a forum thread on how to illegally crack XP, so I can't post a link here. It was of no real value to your question as only one poster mentioned that file, saying he thinks it's a spyware program installed by Microsoft.... There was no other discussion on it.
|
|
|
|
|
05-11-2003, 02:57 PM
|
#3 |
|
Member (8 bit)
Join Date: Jun 2002
Location: SouthCentralTexas
Posts: 238
|
yeh it is weird. Like I said, i only found Three links to this file and I think it was german. So I think???
|
|
|
|
|
05-12-2003, 03:17 AM
|
#4 |
|
Member (10 bit)
Join Date: Oct 2002
Location: Central Virginia
Posts: 780
|
maybe you could run of the spy hunter programs and find out if that's what it is. Then remove it.
|
|
|
|
|
05-12-2003, 08:49 AM
|
#5 |
|
Member (8 bit)
Join Date: Jun 2002
Location: SouthCentralTexas
Posts: 238
|
What is a good spyhunter program???
|
|
|
|
|
05-13-2003, 08:41 AM
|
#6 |
|
Member (8 bit)
Join Date: Jun 2002
Location: SouthCentralTexas
Posts: 238
|
but you would think there would be some info about this on the Web???????
|
|
|
|
|
05-13-2003, 09:06 AM
|
#7 |
|
Member (10 bit)
Join Date: Jan 2002
Location: brussels
Posts: 788
 |
lavasoft's adaware is a good spyhunter program, and it's free
|
|
|
|
|
05-13-2003, 09:15 AM
|
#8 |
|
Rockin'n Rollin' All Nite
Join Date: Feb 2003
Location: Midlands UK
Posts: 1,318
|
__________________
When the wife leaves, the dog dies and they repo' the house........I'll still have my Athlon (even when the new build arrives) ------------------------------------------------ Soltek SL-75FRN-RL / 2x512Mb PNY DDR + 1x512mb Kingston Value/ 'BARTON' 2500+ / Leadtek 6600GS / Sony DVDRW DRU810/ 60Gb Maxtor (2mb cache) 7200rpm ata133/ WD 320JB on USB2 / Antec PlusView 1000AMG Metallic Gray File Server/ Antec TruePower 330W PSU / 19" WS Hanspree New York Monitor (kvm)/ Vista Ultimate NEW BUILD DONE GA-G33M-S2 / E6750 / 2x 1GB Elixir@800mhz DDR2 / 256mb 8600GTS / 500Gb Seagate 16mb cache 7200.10 sata / NEC 18x Label Flash DVD-RW sata / E-Cute Cube case with side and top windows / Thermaltake 500watt TWV ATX 2.2 / 19" WS Hanspree New York Monitor (kvm) / 4Mbs Cable soon to be 10Mbs thanks to a free upgrade from my ISP / XP Pro SP2. |
|
|
|
|
05-13-2003, 09:47 AM
|
#9 |
|
Member (14 bit)
Join Date: Mar 1999
Location: Kelowna, B.C., Canada
Posts: 9,138
|
It's not spyware, it's a trojan, BACKDOOR APQ.
Supposedly so new that Symantec hasn't caught it yet, however McAfee seems to find it. |
|
|
|
|
05-13-2003, 11:51 AM
|
#10 |
|
Rockin'n Rollin' All Nite
Join Date: Feb 2003
Location: Midlands UK
Posts: 1,318
|
Thanks for that, it would appear that Tend Micro don't know of it either !! Oooops they make my AV
|
|
|
|
|
05-13-2003, 12:24 PM
|
#11 |
|
Member (14 bit)
Join Date: Mar 1999
Location: Kelowna, B.C., Canada
Posts: 9,138
|
It's been around in eastern Europe for about a week, and arrived here yesterday (supposedly). Nobody is too sure exactly what it is/does yet.
|
|
|
|
|
05-13-2003, 12:54 PM
|
#12 |
|
Rockin'n Rollin' All Nite
Join Date: Feb 2003
Location: Midlands UK
Posts: 1,318
|
Here is my guess at what it does.
Looking at the file name, TCP - Network/Internet, OS - like windoze!, MOD - Modifiy? Now just guessing remember, makes changes to the REGISTRY, so that your KEYSTROKES are recorded, and then transmitted using your Network/Internet connection to a POS, that will try and rip off your Credit/Debit cards........ OR Makes drastic changes to your system (OS), that results in complete meltdown and you have to Format and Reinstall. EDIT And now I'll try and look it up. |
|
|
|
|
05-13-2003, 01:29 PM
|
#13 |
|
Member (10 bit)
Join Date: Feb 2002
Location: Rhode Island
Posts: 584
|
Does anyone have reccomendations for the best open source virus scan programs?
I mean I get norton free whenever I get a new motherboard, but I realyl don't think that this ones gonna break...
__________________
System: MSI K7N2G | AMD XP 1700+ | Gainward Geforce FX 5700 256 meg | 512mb Mushkin PC3200 RAM | Enlight case/PSU | Hercules Muse 5.1 DVD | Lite - On 16X DVD, and 48X CD-RW | Western Digitail 20GB, and 80GB| Netgear Ga302T gigabit adapter |
|
|
|
|
05-13-2003, 01:42 PM
|
#14 |
|
Member (14 bit)
Join Date: Mar 1999
Location: Kelowna, B.C., Canada
Posts: 9,138
|
Check out www.avast.com
Better than AVG (IMHO). |
|
|
|
|
05-13-2003, 02:09 PM
|
#15 |
|
Member (10 bit)
Join Date: Feb 2002
Location: Rhode Island
Posts: 584
|
thanks for the link RB
|
|
|
|
|
05-13-2003, 08:03 PM
|
#16 |
|
Member (8 bit)
Join Date: Jun 2002
Location: SouthCentralTexas
Posts: 238
|
wow reboot where did you find that info... Damn new virus eh... I checked with "netstat -a" and all ports look good. What do you guys thinks its going to do.....
|
|
|
|
|
05-13-2003, 08:11 PM
|
#17 |
|
Member (14 bit)
Join Date: Mar 1999
Location: Kelowna, B.C., Canada
Posts: 9,138
|
Probably same stuff as all variants of the "backdoor" trojan. Maybe a little more sneaky.
Google is your friend  You just gotta know what to search for (and it helps to read a second or third language), as everything I found was in German or Dutch. |
|
|
|
|
05-13-2003, 09:56 PM
|
#18 |
|
Member (8 bit)
Join Date: Jun 2002
Location: SouthCentralTexas
Posts: 238
|
thats crazy that i gots this virus... no telling what it is doing to my system...should i report this to anybody????
|
|
|
|
|
05-14-2003, 09:18 AM
|
#19 |
|
Member (8 bit)
Join Date: Jun 2002
Location: SouthCentralTexas
Posts: 238
|
anybody know how to read the estonian language and that can translate this page for me???
http://www.starpump.ee/viewthread.php?tid=4577 |
|
|
|
|
05-14-2003, 09:48 AM
|
#20 |
|
Member (14 bit)
Join Date: Mar 1999
Location: Kelowna, B.C., Canada
Posts: 9,138
|
Report it to Symantec, or whoever you like.
It probably won't do much good. How do you know you have the virus? What a/v scanner do you use? If you've removed the file, and done an updated scan, you should be OK. |
|
|
|
|
05-14-2003, 11:45 AM
|
#21 |
|
Member (8 bit)
Join Date: Jun 2002
Location: SouthCentralTexas
Posts: 238
|
I use NAV2003 with updated dats.... I know I got this TSR running because when I reboot and log back in I look in my task manager and there it is, running in my applications..... There isnt even a file associated with this.. This is weird and scary.......
|
|
|
|
|
05-14-2003, 12:01 PM
|
#22 |
|
Rockin'n Rollin' All Nite
Join Date: Feb 2003
Location: Midlands UK
Posts: 1,318
|
I hope that you are Ending The Process, in task manager!
|
|
|
|
|
05-14-2003, 12:23 PM
|
#23 |
|
Member (14 bit)
Join Date: Mar 1999
Location: Kelowna, B.C., Canada
Posts: 9,138
|
End the process, then edit the registry to remove it from loading, then delete the file.
It will be in HKLM/software/microsoft/windows/currentversion/run/ |
|
|
|
|
05-14-2003, 12:48 PM
|
#24 |
|
Rockin'n Rollin' All Nite
Join Date: Feb 2003
Location: Midlands UK
Posts: 1,318
|
Thanks Reboot,
|
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
