Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Twunk_16.exe, Twunk_32.exe Puzzle


  • Please log in to reply
5 replies to this topic

#1 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:07:15 PM

Posted 22 December 2005 - 11:34 PM

In my C:\WINDOWS directory I see twunk_16.exe and twunk_32.exe.
On this site, _32 is classified as a bad worm.
Symantec associates it with a w32.coflop@mm and w32.blackmal.c@mm worm.
Somewhere else (perhaps BC here), I see it's related to Backdoor.win32.small.dc pest of some sort.

Yet on "Answers that work" site there is a lenghty description how both are needed for scanning and to leave them alone.

My files seem to belong to Twain Working Group, both are dated 3/31/2003.

None of the virus, trojan, worm scanners I ran recently, and often in the past few weeks, pick them up as scumware.

So how can we tell? :thumbsup: :flowers:

BC AdBot (Login to Remove)

 


#2 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:15 PM

Posted 23 December 2005 - 03:13 AM

If you think you are infected submit a hijackthis log to the HJT Forum.

How to submit a hijackthis log

Download Hijackthis

#3 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:07:15 PM

Posted 23 December 2005 - 10:13 AM

Thanks. At this point I don't think I have any scumware here and I don't want to waste HJT's team time. Only recently I submitted a log and Grinler didn't see any red flags in it.
This is more a matter of curiosity - how to know what's legit and what's not :thumbsup:

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:15 PM

Posted 23 December 2005 - 11:17 AM

twunk_16.exe
Company: Twain Working Group
Description: Twain_32.dll Client's 16-Bit Thunking Server

twunk_32.exe
Company: Twain Working Group
Description: Twain.dll Client's 32-Bit Thunking Server

Found using the The File Database located at the top of this page.

Edited by tg1911, 23 December 2005 - 11:18 AM.

MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#5 tos226

tos226

    BleepIN--BleepOUT

  • Topic Starter

  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:07:15 PM

Posted 24 December 2005 - 12:13 AM

Yup. But if I look here
http://www.bleepingcomputer.com/startups/
I get a big red X and

Added by the BLACKMAL.C WORM! - This malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty.

Just trying to sort it out in my head :thumbsup: how to use these tools.
And stay relatively sane and not too paranoid :flowers:

#6 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:15 PM

Posted 24 December 2005 - 10:10 AM

If you're not sure about twunk_32.exe, check out this info, and see if it describes your situation.
If not, then I wouldn't worry about it.
W32.Blackmal.C@mm
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users