dieterFL posted on Apr 13, 2014 11:22:44 AM - Report post
Each trainer setup a copy.dll in the temp folder. The file is created sometimes 5min after starting the trainer, sometimes later. I can see, the file is created by your trainer.exe.
Trend micro reports your file as:
Affected Files: E:\tmp\user\Dieter\Copy.dll
Detected By: Real Time Scan
I setup a empty copy.dll of my own with no rights for admins, in read only. And each trainer worked without this file.
What is it for?
I don't think it's created by the trainer (especially not minutes after the start). Why do you think it's created by the trainer?
ServiusTheBear posted on Apr 13, 2014 11:41:46 AM - Report post
What is the supposid trainer that is doing it?
38 Degrees Member
=^.^= Furrie 4 Life
You will never understand the sane form of the insane!
GnR 4 Life!
Me n Me alone nothing more!
Lifer / Lifer Plus / CH Promo Club
File origin comes from the program: HP Digital Imaging. However, it does not appear in the expected location hinting that it is masquerading as a proper DLL file. It's also not a place I would expect a malicious file to be copied to unless you modified the %TEMP% system variable. Did you extract something to E:\tmp\User\Dieter recently?
[Edited by Neo7, 4/13/2014 12:12:00 PM]
Your bitterness, I will dispel
dieterFL posted on Apr 13, 2014 2:50:58 PM - Report post
Because TrenMicro shows each file, from which process its generated. and this file is genereated by the trainer exe.
dieterFL posted on Apr 13, 2014 2:52:30 PM - Report post
the effect comes from nearly every trainer here. well...i used about 20 trainers. always same effect. after short time, the file appears in temp directory.
dieterFL posted on Apr 13, 2014 2:54:09 PM - Report post
my AV Software deletes this file as soon - as it is copied to the temp directory. i can close the trainer - start the trainer again - and there it is. well, Trendmicro cleans the file. meanwhile, it has cleanded the file dozen times.
sorry, i thought the reply is connected to your messages...
it also creates a CH.dll. But this file is not recognized by TrendMicro.
The trainer hooks on the game exe. why copy files to temp?
File is created when pressing F1 for activating...
[Edited by dieterFL, 4/13/2014 3:02:54 PM]
The CH.dll file creation is a harmless process of Caliber's trainers as he's using DLL injection as far as I know. The dll has to be written on your disk before it can be injected and a temp directory is the best place for doing that. About the other dll I really don't know. For me it sounds like it's been created by any other suspicious software running on your computer.
[Edited by 0x90, 4/13/2014 4:05:30 PM]
All times are (GMT -06:00) Central Time (US & Canada). Current time is 6:39:18 AM