Feedback, Complaints or Problems

what is copy.dll ???
  • Current rank: 1 Star. Next Rank at 100 Posts.
    ELITE
    dieterFL posted on Apr 13, 2014 11:22:44 AM
     
    Hi

    Each trainer sets up a copy.dll in the temp folder. The file is created sometimes 5 min after starting the trainer, sometimes later. I can see the file is created by your trainer.exe.
    Trend Micro reports your file as:
    Threat: TROJ_SPNV.01KS13
    Source: Threat
    Affected Files: E:\tmp\user\Dieter\Copy.dll
    Response: Removed
    Detected By: Real Time Scan

    I set up an empty copy.dll of my own, read-only and with no rights for admins. And each trainer worked without this file.

    What is it for?

    cheers D
  • Trainer Maker
    STAFF
    0x90 posted on Apr 13, 2014 11:35:09 AM
     
    I don't think it's created by the trainer (especially not minutes after the start). Why do you think it's created by the trainer?
  • Current rank: 4.5 Stars. Next Rank at 20.000 Posts.
    AUTHOR
    ServiusTheBear posted on Apr 13, 2014 11:41:46 AM
     
    What is the supposed trainer that is doing it?
    CH Moderator From 16.12.2018 to 24.12.2021
    Active Community Helper from 25.12.2021
    My Site - www.serviusthebear.webs.com
  • Current rank: 4 Stars. Next Rank at 10.000 Posts.
    AUTHOR
    Neo7 posted on Apr 13, 2014 12:11:22 PM
     
    File origin comes from the program: HP Digital Imaging. However, it does not appear in the expected location, hinting that it is masquerading as a proper DLL file. It's also not a place I would expect a malicious file to be copied to unless you modified the %TEMP% system variable. Did you extract something to E:\tmp\User\Dieter recently?

    [Edited by Neo7, 4/13/2014 12:12:00 PM]
    Your bitterness, I will dispel
  • Current rank: 1 Star. Next Rank at 100 Posts.
    ELITE
    dieterFL posted on Apr 13, 2014 2:50:58 PM
     
    Because Trend Micro shows, for each file, which process generated it, and this file is generated by the trainer exe.
  • Current rank: 1 Star. Next Rank at 100 Posts.
    ELITE
    dieterFL posted on Apr 13, 2014 2:52:30 PM
     
    The effect comes from nearly every trainer here. Well... I used about 20 trainers. Always the same effect. After a short time, the file appears in the temp directory.
  • Current rank: 1 Star. Next Rank at 100 Posts.
    ELITE
    dieterFL posted on Apr 13, 2014 2:54:09 PM
     
    My AV software deletes this file as soon as it is copied to the temp directory. I can close the trainer, start the trainer again, and there it is. Well, Trend Micro cleans the file. Meanwhile, it has cleaned the file a dozen times.
    Sorry, I thought the reply is connected to your messages...
    It also creates a CH.dll. But this file is not recognized by Trend Micro.
    The trainer hooks on the game exe. Why copy files to temp?
    The file is created when pressing F1 for activating...

    [Edited by dieterFL, 4/13/2014 3:02:54 PM]
  • Trainer Maker
    STAFF
    0x90 posted on Apr 13, 2014 4:04:30 PM
     
    The CH.dll file creation is a harmless process of Caliber's trainers, as he's using DLL injection as far as I know. The DLL has to be written to your disk before it can be injected, and a temp directory is the best place for doing that. About the other DLL I really don't know. To me it sounds like it's been created by some other suspicious software running on your computer.

    [Edited by 0x90, 4/13/2014 4:05:30 PM]
All times are (GMT -06:00) Central Time (US & Canada).