Mumbai Security and Compliance User Group

 View Only

  • 1.  Twain.dll cleint 32 Bit Thunking Server Error

    Posted Feb 07, 2014 12:02 AM
      |   view attached

    Hi All,

    i found an issue in mixed envirnment OS Win XP, Win 7 with error Twain.dll cleint 32 Bit Thunking Server Error and stops system to working with high resource utilized. Few systems are infected with thie error and increasing seqencely.

     Any one faces similiar issues and solved with some tool or any method? As of now as I serched there is no any removal tool of Symantec. We hav SEP 12.0 installed on clients. This Twain.exe Adware undetected by SEP.

    I will be thankful if any sulution by fourm member experts.

     



  • 2.  RE: Twain.dll cleint 32 Bit Thunking Server Error

    Posted Feb 07, 2014 12:53 AM

    Start with power eraser on one machine and check if that finds our the virus

    http://www.symantec.com/business/support/index?page=content&id=TECH134803

    Please submit the sample to symantec as they will analzye and create a new signature for it

    http://www.symantec.com/business/support/index?page=content&id=TECH98706



  • 3.  RE: Twain.dll cleint 32 Bit Thunking Server Error

    Posted Feb 07, 2014 12:56 AM

    Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    http://www.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante



  • 4.  RE: Twain.dll cleint 32 Bit Thunking Server Error

    Posted Feb 07, 2014 01:18 AM

    Check the article

    Symantec Help (SymHelp) Download

    Article:TECH170752  |  Created: 2011-09-29  |  Updated: 2013-11-13  |  Article URL http://www.symantec.com/docs/TECH170752
     

    How to run Symantec Power Eraser with the SymHelp utility

    Article:TECH203683  |  Created: 2013-03-08  |  Updated: 2013-12-17  |  Article URL http://www.symantec.com/docs/TECH203683

     



  • 5.  RE: Twain.dll cleint 32 Bit Thunking Server Error

    Posted Feb 07, 2014 04:30 AM

    Hi,

    I ran SymHelp tool in infected system , as it is not able to detect any files which i will upload and submit to symantec. Any removal tool for this Adware?

    Regards,

    Ajay Singh



  • 6.  RE: Twain.dll cleint 32 Bit Thunking Server Error

    Posted Feb 07, 2014 04:46 AM

    Did you run Malwarebytes or hitman pro?



  • 7.  RE: Twain.dll cleint 32 Bit Thunking Server Error

    Posted Feb 07, 2014 07:21 AM

    Submit the file for analysis see what's showing up

    https://www.virustotal.com

    http://www.threatexpert.com



  • 8.  RE: Twain.dll cleint 32 Bit Thunking Server Error

    Posted Feb 07, 2014 09:49 AM

    TWAIN error-- Remember seeing this variant in the past..May be this time its in a new dimension.. This kind of malware doesn't usually arrive as a single process. They are usually accompanied by their companions who help them. Are you able to track the backbone for the error using process explorer ?  Any other associated packed process ?. Usually the malware triggers this error via Microsoft rundll32.exe OR if you see the legitimate process named "twunk_32.exe" is involved then hover the mouse over this process in process explorer and press ctrl+d to list the associated dlls. One of them might be driving this behaviour/error.

    Alternatively use the command prompt and trigger (tasklist /m /fi “imagename eq rundll32.exe”) in the command prompt. This will help identifying any malware libraries abusing the rundll32.exe. Check for any anomalies or suspicious dlls in the result.

    If you did find any suspicious/wierd file then ,As stated by forum members please send the file to Symantec for analysis or upload it to any SANDBOX analyzer such as virustotal.com or virscan.org and see what other A/V engine suspects on the sample.