tWAIN TEC

Discussion in 'malware problems & news' started by kenmac, Aug 20, 2004.

Thread Status:
Not open for further replies.
  1. kenmac

    kenmac Registered Member

    Joined:
    Aug 20, 2004
    Posts:
    3
    For the last couple of weeks, I have tried desperately to remove twain tec from my system. Today I finally succeeded ( thread posted ). But what is bugging me is that it somehow seems to have got on to and reinstall itself using the spywareblaster programme. A while ago as I opened spywareb' to check for updates, a warning box appeared. The title of which implied that it was from spywareb' telling me that my browser was at risk as I needed updates ( I don't run auto-updater, so I should have twigged ) anyhow I ran the updater, since then I, as many of you are, was plagued by Twaintec and no matter what I did, using spywareb' to block it or deleting the reg key, or using pest patrol to find and delete it it always returned. Now it seems, that somehow it got in and reinstalled itself by using the spywareb' programme, I dont know how? but by uninstalling spywareb' and any reference to twain tec in the reg and using pest patrol to find and delete it, it has, at last gone.....thought you might all need to know and hope this helps and if spywareb, was it's line of entry and installation I hope the programmers sort it out. As up til now spywareblaster is the bees knees.............
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi kenmac,

    You mentioned about a "thread posted". Could you point me to that thread, please? I am unable to find it on the forum.

    *edit to add - I found the other post you made, so I will add the link here as I think the information in that thread may also be of help since you said in your post there that your problem was related: https://www.wilderssecurity.com/showthread.php?t=45037

    In hopes of possibly unraveling a mystery of what may have happened here:
    What this sounds like to me is when you were connected to the internet and opening SpywareBlaster to "check for updates", one of the Twain-Tech files, that may still have been on your system, stepped in instead and also requested updating. With having SpywareBlaster open at the same time, I can see why you would think it was SpywareBlaster making the request to update.

    From what I have read about the Twain-Tech variants and the multiple ways of which it uses to install/reinstall and update itself upon connection to the internet, there is a good chance that you did not remove all the associated files from your system when you thought you had and one of the installer files left behind triggered the up-date alert. And the "pop-up" you received could very well have been part of the trick to make you re-download again the components of Twain-Tech that you had cleaned out earlier. Then by clicking the 'updater' (which was more than likely the transponder updater and not SpywareBlaster's "Check for Updates" button), you inadvertantly reinstalled the Twain-Tech infection.

    I can assure you it is not being installed through SpywareBlaster. But the 'line of entry' would be the connection to the internet and still having one of Twain-Tech associated files on your computer and ready to make contact to it's servers for reinstalling it's needed components. You may also have accidently removed the killbit SpywareBlaster put in your registry for protection when you earlier ran PestPatrol while cleaning your computer (if it had mistakenly flagged the registry entry put there by SpywareBlaster) thus leaving you again vulnerable to Twain-Tech.

    The newer Twain-Tech variants can be extremely difficult to remove. Some variants can be removed through the Add/Removal Programs feature in Windows, and some of the more difficult variants can be removed using Ad-Aware SE (build 1.03) along with using the VX2 Cleaner Plugin for Ad-AwareSE. Even then, if you have one of the more newer variants to remove, it would involve many steps with detailed instructions best given by a Spyware Expert to ensure you removed the Twain-Tech infection safely, and correctly, to avoid any chance of it's return or damage to your system.

    If you do feel you may have one of the newer, more difficult variants and need help with it's removal, you can find a list of spyware removal forums here: http://a-sap.org/

    Whichever site you choose to go to, please read and follow their posting procedures and guidelines before posting a hijackthis log on their forums.

    Regards,

    snap
     
    Last edited: Aug 23, 2004
Thread Status:
Not open for further replies.