Why Can't We Find Thunker?

Virus & Spyware

Virus & Spyware
Perspectives on PC security, including antivirus, anti-spyware and firewall solutions.

Why Can't We Find Thunker?

  • Good afternoon,

     

    I came across a notepad in the temp folder (which I was about to delete) entitled TWAIN.  Being a curious "newbie" I decided to investigate.  When I read the line, "Why Can't We Find Thunker?", of course I wanted to know who/what was Thunker.

     

    I checked Google and discovered Thunker is a backdoor trojan.  I also checked this forum which had 2 entries I did not quite understand?

     

    Will someone inform me further?

     

    Thank you,

     

    Nissi1

  • TWAIN is a standard software protocol and applications programming interface (API) that regulates communication between software applications and imaging devices such as scanners and digital cameras...

    so if you have a web/digital camera, or a scanner (including an "all-in-one" printer with scanner), you may have legitimate TWAIN software or folders on your system.

     

    however, i have no knowledge of "Thunker"

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Good afternoon Ky331,

     

    First, cute dogs!

     

    Second, no, I do not have any form of imaging devices attached to my computer.  Just monitor, tower, keyboard, mouse and speakers.

     

    I thank you for your reply.

     

     

     

    May God continue to Richly Bless you and your loved-ones.

     

    Nissi1

  • How old was this temp folder? A while back there was a twaintec.dll (malware) that used to reside in a temp folder and other places. Haven't seen it lately, though.


     

    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

  • Good evening Bugbatter,

     

    The temp file was less than a week old.  However, I checked the solution box because after further research it appears it is nothing for me to worry about.  Also the information given by Ky331 was accurate.

     

    I thank you for your reply.

     

    And as always, may God continue to Richly Bless you and your loved-ones.

     

    Nissi1

    Message Edited by Nissi1 on 03-25-2008 08:08 PM
    Message Edited by Nissi1 on 03-25-2008 08:09 PM
  • TWAIN is not a (Notepad) .txt file. Malware often uses Temp folders.
    Were there any other files in the folder?

    You wrote:
    "I also checked this forum which had 2 entries I did not quite understand?"
    What forum did you check and what entries did you not understand?
    Message Edited by Bugbatter on 03-25-2008 08:58 PM

     

    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

  • Good afternoon Bugbatter,

     

    There was more information on the notepad, however I deleted the entire temporary file.

     

    The other 2 entries I spoke of were in this (Dell) forum  http://www.dellcommunity.com/supportforums/search?ticket=kSPAFxftf5j9_6055148&submitted=true&q=Thunker.  ( Sorry, I do not know how to do the "Here" link, Yet.:smileysad: )  I did a search for "Thunker" here and in the McAfee forum, since I use their security center.

     

    In the above link, Appetiser posts a TWAIN log.  The first 3 lines of that log are exactly what was on my notepad.  I do not remember the rest of the information.

     

    It was in the Google search that I learned thunker is a trojan.  If I come across it again, rest assure I will be in contact.  I just hope I do not wear my welcome out around this community.:smileywink:

     

    Thank you for your interest.

     

    And as always, may God continue to Richly Bless you and your loved-ones.

     

    Nissi1

    Message Edited by Nissi1 on 03-26-2008 04:12 PM
  • Dear Bugbatter,

     

    I just found another notepad with the same message.

     

    TWAIN_32.DLL - MESSAGE - CTwunk  ::AppInitialize - Reset Log

    TWAIN_32.DLL - MESSAGE - CTwunk  ::OpenServer - Starting Thunker

    TWAIN_32.DLL - MESSAGE - CTwunk  ::CloseServer - Why Can't We Find The Thunker Window?

    TWAIN_32.DLL - MESSAGE - DSM     --DsmEntryDiagExit (RC = 0, CC = 0)

    TWAIN_32.DLL - MESSAGE - CTWTRACE--Capture(2) to NULL:

    TWAIN_32.DLL - MESSAGE - CTWTRACE--CONTROL, IDENTITY, GETFIRST

    TWAIN_32.DLL - MESSAGE - DSM     --DsmEntryDiagExit (RC = 1, CC = 3)

    TWAIN_32.DLL - MESSAGE - CTWTRACE--Capture(2) to NULL:

    TWAIN_32.DLL - MESSAGE - CTWTRACE--CONTROL, STATUS, GET

    TWAIN_32.DLL - MESSAGE - DSM     --DsmEntryDiagExit (RC = 0, CC = 0)

    TWAIN_32.DLL - MESSAGE - CTWTRACE--Capture(2) to NULL:

    TWAIN_32.DLL - MESSAGE - CTWTRACE--CONTROL, PARENT, CLOSEDSM

    TWAIN_32.DLL - MESSAGE - DSM     --DsmEntryDiagExit (RC = 0, CC = FFFF)

     

    Please let me know what you think.

     

    Nissi1

  • I think that looks like a TWAIN log -- not malware.

     

    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.