Video Screencast Help

Twain.dll cleint 32 Bit Thunking Server Error

Created: 06 Feb 2014 | 7 comments

Hi All,

i found an issue in mixed envirnment OS Win XP, Win 7 with error Twain.dll cleint 32 Bit Thunking Server Error and stops system to working with high resource utilized. Few systems are infected with thie error and increasing seqencely.

 Any one faces similiar issues and solved with some tool or any method? As of now as I serched there is no any removal tool of Symantec. We hav SEP 12.0 installed on clients. This Twain.exe Adware undetected by SEP.

I will be thankful if any sulution by fourm member experts.

Operating Systems:

Comments 7 CommentsJump to latest comment

Rafeeq's picture

Start with power eraser on one machine and check if that finds our the virus

Please submit the sample to symantec as they will analzye and create a new signature for it

technical_specialist's picture

Check the article

Symantec Help (SymHelp) Download
Article:TECH170752  |  Created: 2011-09-29  |  Updated: 2013-11-13  |  Article URL
How to run Symantec Power Eraser with the SymHelp utility
Article:TECH203683  |  Created: 2013-03-08  |  Updated: 2013-12-17  |  Article URL
ajhay.siingh's picture


I ran SymHelp tool in infected system , as it is not able to detect any files which i will upload and submit to symantec. Any removal tool for this Adware?


Ajay Singh



ksreek's picture

TWAIN error-- Remember seeing this variant in the past..May be this time its in a new dimension.. This kind of malware doesn't usually arrive as a single process. They are usually accompanied by their companions who help them. Are you able to track the backbone for the error using process explorer ?  Any other associated packed process ?. Usually the malware triggers this error via Microsoft rundll32.exe OR if you see the legitimate process named "twunk_32.exe" is involved then hover the mouse over this process in process explorer and press ctrl+d to list the associated dlls. One of them might be driving this behaviour/error.

Alternatively use the command prompt and trigger (tasklist /m /fi “imagename eq rundll32.exe”) in the command prompt. This will help identifying any malware libraries abusing the rundll32.exe. Check for any anomalies or suspicious dlls in the result.

If you did find any suspicious/wierd file then ,As stated by forum members please send the file to Symantec for analysis or upload it to any SANDBOX analyzer such as or and see what other A/V engine suspects on the sample.

ᗺrian's picture

Submit the file for analysis see what's showing up

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.