
Twunk001.mtx

Discussion in 'Malware and Virus Removal Archive' started by colinlam, 2006/04/19.

  1. 2006/04/19
    colinlam

    colinlam Well-Known Member Thread Starter

    Joined:
    2006/04/19
    Messages:
    107
    Likes Received:
    0
    Hi, I have scanned my machine using Advanced Spyware Remover and it found Twunk001.mtx which it said was a Trojan. I removed it but it keeps coming back when I reboot. It is located in the Temp folder of Local Settings.

    Any advice how to remove it completely would be gratefully received, thanks
     
  2. 2006/04/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    colinlam - Welcome to the Board :)

    Twunk001.mtx is part of Lop.com which is spyware, etc and needs to be removed. Twunk001.mtx will continue to load after deletion and reboot until lop.com is removed.

    Download, update and run the trial version of Ewido. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Run Ewido and post the log here.
     

  4. 2006/04/19
    colinlam

    colinlam Well-Known Member Thread Starter

    Joined:
    2006/04/19
    Messages:
    107
    Likes Received:
    0
    Ewido report

    Hi, thanks for the reply. I have done as advised and the report is as follows:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 14:12:05, 19/04/2006
    + Report-Checksum: B0B0E7B3

    + Scan result:

    C:\Documents and Settings\Colin\Cookies\colin@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Colin\Cookies\colin@oewabox[2].txt -> TrackingCookie.Oewabox : Cleaned with backup
    C:\Documents and Settings\Julie\Cookies\julie@falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Julie\Cookies\julie@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup


    ::Report End

    Thanks.
     
  5. 2006/04/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I had hoped that Ewido would find and remove lop.com and its various parts, but obviously not. It found and removed some tracking cookies which, although probably harmless, are nevertheless an invasion of your privacy.

    Sticking with the simple approach, run an online antivirus scan at Housecall - as you have two users you should run the scan twice while logged on as each user, or alternatively start in Safe Mode and log on as administrator, which should cover both accounts.

    If the problem remains there are further scans which can be made and I will post details if required when I hear from you again.

    In the meantime I am moving this thread to the Removing Spyware & Viruses forum.
     
  6. 2006/04/19
    tonman23

    tonman23 Inactive

    Joined:
    2006/04/18
    Messages:
    38
    Likes Received:
    0
    I would try using HijackThis to remove any entries that shouldn't be there. Also try using Sysinternals Process Explorer to find out what specific files are linked with the process and remove it that way. Have you searched the registry for any keys referencing the spyware?
     
  7. 2006/04/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    tonman23

    I'm taking this one step at a time :) - HJT is next on the list. In theory Ewido or the online scan should locate and fix this little beggar.
     
  8. 2006/04/19
    colinlam

    colinlam Well-Known Member Thread Starter

    Joined:
    2006/04/19
    Messages:
    107
    Likes Received:
    0
    Gone

    Hi, thanks for moving my post to the correct forum, I'm new and need to find my way around.

    I have rebooted my system a couple of times and it has not reappeared. Apart from the scan you suggested, the only thing I have done is stop a couple of Adobe programs from starting at Startup. Maybe one of those was to blame. Anyway, it seems to have gone, thanks for your help. :)
     
  9. 2006/04/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Interesting :) A further Google suggests that these files are created when Photoshop 6 is started ...

    Not only Photoshop 6 by the looks of it - Photoshop CS2 as well. I searched my drive and found Twunk001.mtx dated yesterday at a time when I recalled having Photoshop CS2 open. I opened it up again and the Twunk001.mtx was recreated at today's date and time.

    So it looks like a false positive from Advanced Spyware Remover although to be fair it does also appear to be a part of lop.com - masquerading under a file name used by another program - not uncommon :)

    Out of interest which Adobe programs did you remove from startup - Adobe Gamma?
     
  10. 2006/04/19
    colinlam

    colinlam Well-Known Member Thread Starter

    Joined:
    2006/04/19
    Messages:
    107
    Likes Received:
    0
    Hi, looks like we've sorted it. The application I removed from startup was Photoshop Album Starter Edition 3.1. Thanks again.
     
  11. 2006/04/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    That figures :)
     
  12. 2006/04/19
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    Epson and, I believe, Canon scanners also place Twunk001.mtx in the Temp folder. I can't remember which program, Paint.NET or PSP 7, placed that file in my Temp folder.

    .mtx file extension
     
