-
TCPOSMOD.exe???????
OK, there is something running in the background and I don't know what it is. Every time I restart my PC it starts up. I can close the program in the Task Manager. I ran netstat -a and all ports seem fine. I tried to look this up on the Web but I only found three links and they are in the Estonian language. Here is a link that I found. Can anybody translate this for me????
http://www.starpump.ee/viewthread.php?tid=4577
Thanks guys!!!!!!!!!!!!!!
-
It's a trojan. Interestingly, that Estonian site mirrors a white supremacist site, also in Estonian. I found a thread on it in Trojan Forge, not much info. McAfee's AV can find it with the newest updates; most others should, but I have no confirmation on that.
-
Remember that as I said in my article here
http://www.antionline.com/showthread...hreadid=243202
Trojans do not need to keep ports open or show up on netstat to remotely control your machine.
-
What do you think I should do, guys? I hate it when I've got something on my PC and I don't know what it is.....
-
Using the "find files" find out where the file is. If it is in the directory of an application, it might be genuine.
Kill the program using the task manager (as you mentioned), and then rename the file or move it to a different directory.
Then try using any programs which you suspect might rely on it. If they still work, I guess it's safe to delete it.
If you like, you could try "strings"ing the binary and posting the results for us to mull over :)
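The "strings" suggestion above, as an added example that is not part of the original thread: a small Python triage helper that hashes a copied sample, extracts ASCII and UTF-16LE strings, and buckets the ones a responder would read first. The function names, the pattern list and the sample bytes are constructed for illustration and do not come from TCPOSMOD.exe.

```python
import hashlib
import re

MIN_LEN = 5  # shorter runs are mostly noise

# Illustrative patterns only (an assumption of this example, not an exhaustive list).
INTERESTING = {
    "url": re.compile(r"https?://\S+", re.I),
    "autorun_key": re.compile(r"CurrentVersion\\Run", re.I),
    "executable": re.compile(r"\b[\w.-]+\.(?:exe|dll|bat)\b", re.I),
}

def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Return printable ASCII strings, then UTF-16LE strings, found in data."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found

def triage(data: bytes):
    """Hash the sample and bucket its strings by what they look like."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "hits": {}}
    for s in extract_strings(data):
        for label, pattern in INTERESTING.items():
            if pattern.search(s):
                report["hits"].setdefault(label, []).append(s)
    return report

# Constructed bytes standing in for a copied binary; not taken from any real file.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 8
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00\x01\x02"
    + "update.exe".encode("utf-16-le") + b"\x00\x00\xff\xfe"
    + b"http://example.invalid/check\x00ab\x01cd"
)

if __name__ == "__main__":
    # For a real file, read it as bytes (never execute it): open(path, "rb").read()
    result = triage(SAMPLE)
    print("sha256:", result["sha256"])
    for label, strings in result["hits"].items():
        print(label, strings)
```

Work on a renamed copy of the file, and post the hash and the string list rather than the binary itself.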
-
What should you do?
1. You should scan your machine with the latest anti-virus, anti-trojan, and anti-spybot software, cleaning/removing anything they find.
2. You should do a google search on anything they find, to learn what it does and what might have been compromised (example: does it install a keylogger? If yes, look for the .txt files keyloggers create, delete them, and also change any passwords you type into your computer regularly. etcetera.)
3. You should harden the security of your system by removing services and components you don't need, by installing a firewall, by keeping your anti- software up to date, etcetera.
4. You should improve your system awareness by using programs which monitor sensitive things like the Registry and open ports.
5. You should become more careful and/or cautious about what you download and run promiscuously, especially p2p stuff.
- Qualm
-
Google is useless on this one. I found some useful info on WebCrawler, hence the "it's a trojan" post. If you can find the file, delete it (I would do this in command prompt mode). An up-to-date AV should deal with it; you can usually get a time-limited demo from any of the companies... there are also some free ones.
As a side note, as Google gets further in bed with the bloggers and continues to push useful info off the main page, I think it's time to revisit some of the other search engines (WebCrawler, Lycos... there are others, someone help me out, I have used only Google for too long). I have had three questions now that Google hasn't answered that WebCrawler has; unfortunately they were all security related... why is Google failing on the security searches? That is troubling.
-
Hi guys... I have the same problem...
...however I have deleted the reg string and also the tcposmod.exe
.....the problem is that none of the antivirus programs will work... even if I reinstall them....
...and all the web pages related to antivirus will not work...
...what should I do?????????
..thankssssssssssssssss
However, tcposmod.exe came from mungabunga !!!!!
-
Come to think about it, I also received the file from mungabunga!!!! Since then I have deleted the files.....I just wonder what it is.....
-
However, what do you think about the problem with the antivirus???
Are there any solutions???
-
AV does not pick up this tcposmod.exe. Is there a way to debug executables????
-
Hmm... I think the file is safe to delete, but you will probably have to do that in command prompt mode. From everything I read, McAfee with the latest updates should catch this. You may also want to try some of the trojan cleaners (check this site for names, I don't remember them).
-
Quote:
Originally posted here by mrlucifer
what site bballad?????
AO. There have been numerous posts about trojans and how to clean them, just do a quick search.
-
I already used a trojan cleaner and it found nothing. I am curious, is there any way I can read the code behind that executable..???? I won't give up till I find out what this little program does..... ;-)
-
If you have Visual Studio, there is a decompiler/debug program bundled in that, and Spy++, which is also bundled in, will help. Besides that, you can try to find another decompiler.
-
Remember that even though I have completely removed this TCPOSMOD.exe from my PC and also from regedit, none of the best-known AVs will work properly......
....for example I have NAV on my PC but it will not work and I also can't download any updates of the AV definitions.....
......also none of the sites regarding AV will work....
.....WHAT SHOULD I DOOOOOOOOOOOOOO????????????
hahahhaah !!!! It's incredible how a simple file can make me sooooo crazyyyy
-
Step one..
BACK UP USEFUL STUFF
under no circumstances back up any .exe files..
only back up your life's work of school stuff (.doc)
and your collection of porn (.jpg)
Step two..
INSTALL A REAL OPERATING SYSTEM
download a linux iso and burn it !!
install it following instructions found here
-
...yep...but...I don't want to format my PC, and what if I don't want to install Linux ?? hahahaha!!!
-
wasssup.
In a few days (hopefully by Monday) I'll have prepared a semi-formal research paper on this piece of software. It will discuss a little of what you already know (came from mungabunga.exe http brute forcer 1.0.3) as well as several technical details on the behavior it engages in once activated on your system.
I'll be glad to pass along a copy once it's finished (without the tcposmod!) to requests via email [email protected].