dieterFL posted on Apr 13, 2014 11:22:44 AM
Hi
Each trainer sets up a copy.dll in the temp folder. The file is created sometimes 5 min after starting the trainer, sometimes later. I can see the file is created by your trainer.exe. Trend Micro reports your file as:
Threat: TROJ_SPNV.01KS13
Source: Threat
Affected Files: E:\tmp\user\Dieter\Copy.dll
Response: Removed
Detected By: Real Time Scan
I set up an empty copy.dll of my own with no rights for admins, in read only. And each trainer worked without this file.
What is it for?
cheers D
STAFF
0x90 posted on Apr 13, 2014 11:35:09 AM
I don't think it's created by the trainer (especially not minutes after the start). Why do you think it's created by the trainer?
AUTHOR
ServiusTheBear posted on Apr 13, 2014 11:41:46 AM
What is the supposed trainer that is doing it?
CH Moderator From 16.12.2018 to 24.12.2021 Active Community Helper from 25.12.2021 My Site - www.serviusthebear.webs.com
AUTHOR
Neo7 posted on Apr 13, 2014 12:11:22 PM
File origin comes from the program: HP Digital Imaging. However, it does not appear in the expected location, hinting that it is masquerading as a proper DLL file. It's also not a place I would expect a malicious file to be copied to unless you modified the %TEMP% system variable. Did you extract something to E:\tmp\User\Dieter recently?
[Edited by Neo7, 4/13/2014 12:12:00 PM]
Your bitterness, I will dispel
INACTIVE
dieterFL posted on Apr 13, 2014 2:50:58 PM
Because TrendMicro shows, for each file, from which process it's generated. And this file is generated by the trainer exe.
INACTIVE
dieterFL posted on Apr 13, 2014 2:52:30 PM
The effect comes from nearly every trainer here. Well... I used about 20 trainers. Always the same effect. After a short time, the file appears in the temp directory.
INACTIVE
dieterFL posted on Apr 13, 2014 2:54:09 PM
My AV software deletes this file as soon as it is copied to the temp directory. I can close the trainer, start the trainer again, and there it is. Well, TrendMicro cleans the file. Meanwhile, it has cleaned the file a dozen times. Sorry, I thought the reply is connected to your messages... It also creates a CH.dll. But this file is not recognized by TrendMicro. The trainer hooks on the game exe. Why copy files to temp? File is created when pressing F1 for activating...
[Edited by dieterFL, 4/13/2014 3:02:54 PM]
STAFF
0x90 posted on Apr 13, 2014 4:04:30 PM
The CH.dll file creation is a harmless process of Caliber's trainers as he's using DLL injection as far as I know. The DLL has to be written to your disk before it can be injected and a temp directory is the best place for doing that. About the other DLL I really don't know. To me it sounds like it's been created by some other suspicious software running on your computer.
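
Added example, not part of the thread and not code from any poster or vendor: a PowerShell triage of DLLs recently created in a temp directory, listing the vendor each file claims in its version info (the kind of "HP Digital Imaging" origin Neo7 mentions) next to its Authenticode status and SHA-256. The default path, the `$Days` window and the `NeedsReview` heuristic are assumptions made for this illustration.

```powershell
# Added example: triage DLLs that recently appeared in a temp directory.
# Run with real-time AV cleanup in mind: a file the scanner already removed
# will not be listed, so check the AV quarantine log for those.
param(
    [string]$Path = $env:TEMP,   # assumption: pass e.g. E:\tmp\user\Dieter
    [int]$Days = 1               # assumption: look back one day
)

$cutoff = (Get-Date).AddDays(-$Days)

Get-ChildItem -LiteralPath $Path -Filter *.dll -File -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $cutoff } |
    ForEach-Object {
        $vi  = $_.VersionInfo                                   # claimed origin
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        # The on-disk name differing from the name embedded at build time
        # is a common sign of a renamed or repackaged binary.
        $renamed = [bool]$vi.OriginalFilename -and
                   ($vi.OriginalFilename -ne $_.Name)

        [pscustomobject]@{
            Name         = $_.Name
            Created      = $_.CreationTime
            SizeBytes    = $_.Length
            Company      = $vi.CompanyName
            Product      = $vi.ProductName
            OriginalName = $vi.OriginalFilename
            SigStatus    = $sig.Status
            Signer       = $signer
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            # Heuristic only (assumption): a file that names a vendor but has
            # no valid signature, or that was renamed, deserves a closer look.
            NeedsReview  = ([bool]$vi.CompanyName -and $sig.Status -ne 'Valid') -or $renamed
        }
    } | Format-List
```

`NeedsReview` is a prompt for manual inspection, not a verdict; which process wrote the file still has to come from the AV or other process-level logging, as dieterFL describes.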