TCPOSMOD.exe???????

[mrlucifer]

Ok there is something running in the background and I don't know what it is. Everytime I restart my pc it starts up. I can close the program in the Task manager. I run netstat-a and all ports seem fine. I tried to look this up in the Web but i only found three links and they are in the Estonian Language. Here is a link that I found. Can anybody translate this for me????


http://www.starpump.ee/viewthread.php?tid=4577

tHANKS GUYS!!!!!!!!!!!!!!

[bballad]

Its a torjan, interestingly that Estonian site mirrors a white suprmisist site also in estonian. I found a thread on it in trojan fordge, not much info. Mcafees AV cna find it with the newist updates, most other s should but I have no conformation on that.

[slarty]

Remember that as I said in my article here

http://www.antionline.com/showthread...hreadid=243202

Trojans do not need to keep ports open or show up on netstat to remotely control your machine.

[mrlucifer]

what do you think i should do guys. I hate it when I got something on my pc that I don't know what it is.....

[slarty]

Using the "find files" find out where the file is. If it is in the directory of an application, it might be genuine.

Kill the program using the task manager (as you mentioned), and then rename the file or move it to a different directory.

Then try using any programs which you suspect might rely on it. If they still work, I guess it's safe to delete it.

If you like, you could trying "strings"ing the binary and posting the results for us to mull over

[Qualm]

What should you do?

1. You should scan your machine with the latest anti-virus, anti-trojan, and anti-spybot software, cleaning/removing anything they find.

2. You should do a google search on anything they find, to learn what it does and what might have been compromised (example: does it install a keylogger? If yes, look for the .txt files keyloggers create, delete them, and also change any passwords you type into your computer regularly. etcetera.)

3. You should harden the security of your system by removing services and components you don't need, by installing a firewall, by keeping your anti- software up to date, etcetera.

4. You should improve your system awareness by using programs which monitor sensitive things like the Registry and open ports.

5. You should become more careful and/or cautious about what you download and run promiscuously, especially p2p stuff.

- Qualm

[bballad]

Google is useless on this one I found some usefull info on webcrawler, hence the its a torjan post, if you can find the file delete it (I would do this in command prompt mode. A upto date AV should dela with it, you can useualy get a timlimted demo from any of the companies..there are also some free ones.

As a side note as google gets futher in bed with the blogers and continues to push usefull info off the main page I think its time to revisit some of the other search engines (webcrawler, Lycos...there are others some one help me out I have used only google for too long). I have had three questions now that google hasn't answere that webcrawler has, unfortuniatly they where all security related...why is google failing on the security searches that is troubleing?

[ERASERX]

hy guys...i have the same problem...
...however i have delete the reg string and also the tcposmod.exe
.....the problem is that no one of the ANTIVIRUS would work...also if i re install tham....

...and all the web pages related to antivirus would not work...


...what should i do?????????


..thankssssssssssssssss


however tcposmod.exe came from mungabunga !!!!!

[mrlucifer]

come to think about it, I also recieved the file from mungabunga!!!! Since then I have deleted the files.....I just wonder what it is.....

[ERASERX]

however what do you think about the problem with the anti virus???

there are some solutions???