Cyborg - First time user question on scan results

Discussion in 'Trojan Defence Suite' started by Cyborg, Dec 10, 2003.

Thread Status:
Not open for further replies.
  1. Cyborg

    Cyborg Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    78
    Hello,

    I have downloaded the trial version of TDS3.

    Upon my first scan, I did all hard drives, I got the following 4 Alarms:-

    Suspicious Files Dual Extensions

    The txt is as follows:-

    Scan Control Dumped @ 02:21:36 11-12-03
    Suspicious Filename: Dual extensions
    File: e:\all data b4 rebuild\games,patches\battlefield,mohaa,ea\battlefieldmods\siege\siege(o.27).exe

    Suspicious Filename: Dual extensions
    File: e:\all data b4 rebuild\games,patches\msn,system,directx,etc\mpsetupxp(22.10.03).exe

    Suspicious Filename: Dual extensions
    File: e:\all data b4 rebuild\games,patches\unreal,sof,wolf\ut2003\upaint-patch-1.0.2.exe

    Suspicious Filename: Dual extensions
    File: e:\all data b4 rebuild\virus,spy,adaware\aaw6(ad-awarevs1.81).exe

    I have not got a clue what I should now do and secondly I cannot get an E-mail to be sent via the "Test E-MAIL," so obviously I have not set something up right in the servers area under configuration, possibly because a lot of the inserts I need to put in there mean nothing to a PC noob like me.

    I hope I do not come across as an idiot here. I have read other posts in respect of the above and yet it is not quite getting through my thick skull lol.

    Any help would be appreciated,

    Thanx
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Hi Cyborg,

    The warnings about "dual extensions" are mainly just to alert you to check the files out for yourself. A "dual extension" is nothing more than a file that has two (or more) "." characters in it.

    The reason TDS warns on these is that sometimes malware people try to fool you into thinking that a file is something other than it really is. They might name a trojan something like reallycoolpicture.gif.exe in the hope that you won't notice that the file is an EXE (a program) not a GIF (image).

    If you look at all those files you have warnings about, they all have more than one period "." in them. But, none look like a problem to me.
     
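As an added illustration of the rule LowWaterMark describes (not code from the thread or from TDS/DCS): the snippet below pulls the file paths out of a scan log in the format Cyborg pasted, applies the plain "more than one dot" test, and then applies the narrower check a person would do by eye, namely whether the token before the final extension is a decoy like gif or jpg and the final extension is executable. The sample log is constructed for the example (two of Cyborg's paths plus the reallycoolpicture.gif.exe name from the reply above); the function names, the extension lists and the verdict strings are assumptions of the example, not TDS's own.

```python
import re

# Constructed sample in the layout quoted in the thread: a "Scan Control Dumped"
# header followed by "Suspicious Filename:" / "File:" pairs. The third path is the
# hypothetical disguised name from LowWaterMark's reply, not a real scan result.
SCAN_LOG = r"""Scan Control Dumped @ 02:21:36 11-12-03
Suspicious Filename: Dual extensions
File: e:\all data b4 rebuild\games,patches\battlefield,mohaa,ea\battlefieldmods\siege\siege(o.27).exe

Suspicious Filename: Dual extensions
File: e:\all data b4 rebuild\virus,spy,adaware\aaw6(ad-awarevs1.81).exe

Suspicious Filename: Dual extensions
File: c:\downloads\reallycoolpicture.gif.exe
"""

# Extensions Windows will run when double-clicked (assumed list for the example).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}
# Extensions commonly used as the "decoy" half of a fake name (assumed list).
DECOY_EXTS = {"gif", "jpg", "jpeg", "png", "bmp", "txt", "doc", "pdf", "mp3", "avi"}


def parse_scan_log(text):
    """Return every path reported on a 'File:' line of the scan dump."""
    paths = []
    for line in text.splitlines():
        if line.startswith("File: "):
            paths.append(line[len("File: "):].strip())
    return paths


def basename(path):
    """Last component of a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1]


def has_dual_extension(path):
    """The broad TDS rule as described in the thread: more than one '.' in the name."""
    return basename(path).count(".") > 1


def classify(path):
    """Narrow the broad rule to what actually matters for a disguised program.

    A name is only called a disguised executable when its real (last) extension is
    runnable and the token just before it is a decoy document/image extension.
    Dots inside version numbers such as siege(o.27).exe do not meet that test.
    """
    parts = basename(path).lower().split(".")
    if len(parts) < 3:
        return "single extension"
    last, before_last = parts[-1], parts[-2]
    if last in EXECUTABLE_EXTS and before_last in DECOY_EXTS:
        return "disguised executable"
    return "dual extension, benign-looking"


def triage(log_text):
    """Pair each reported path with its verdict, in log order."""
    return [(path, classify(path)) for path in parse_scan_log(log_text)]


if __name__ == "__main__":
    for path, verdict in triage(SCAN_LOG):
        print(f"{verdict:32s} {basename(path)}")
```

Run on the constructed log, the two real alarm paths come back as benign-looking dual extensions and only the gif.exe name is called a disguised executable, which is the same conclusion LowWaterMark reached by inspection. The broad rule stays useful as a prompt to look, the narrow one is what decides.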
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi again and welcome to the forum!
    LWM is right for the dual extensions, good explanation :)

    For the test emails: in the TDS > Configuration you'll find in the servers tab the place to put your email outbox like you use in your email client, so it could be your smtp.domain.com or mail.domain.com whatever you use.
    Once that is configured correctly and you send a test email, it should appear in your inbox. So this way in case of alerts you should get warnings, and it is useful if you ever have to submit infected files to the TDS lab genies for deeper study.
     
  4. Cyborg

    Cyborg Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    78
    Hi Guys,

    Thanx for the help.

    Jooske you said in respect of how I set up the server details:-

    "so it could be your smtp.domain.com or mail.domain.com whatever you use."

    Sorry but I do not know what SMTP is. I did put out a follow up post but LowWaterMark has split some of my reply to:-

    http://www.wilderssecurity.com/showthread.php?t=17702

    I really need to be talked through exactly what I should be putting in all the server boxes,

    Thanx guys
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    SMTP is your outgoing email box.
    If you come to the internet via an ISP who gave you email boxes, they might have given you a pop3 mailbox for incoming email and SMTP or MAIL for outgoing email.
    Somehow you must be able to email; or, if this is not part of the service, they gave you a webmail option only, or you have to go to some of the other webmail or free email services with popmail.

    In case the ISP gave you pop/smtp email possibilities, you also will have got instructions how to setup those in an email client, for instance outlook express.

    In this case, as I don't know your ISP, I said they might have given you something like
    pop.isp.com for the incoming and
    smtp.isp.com for the outgoing email
    but it can be any different, depending on what your ISP gave you.
    That last outgoing email box is the one to copy in the TDS > Configuration > Server tab > smtp server and your email address under that > press test email when done to see if it comes in your inbox.

    If you only have some webmail address it will not work; many people have tried with hotmail and msn mail but no luck yet. Thought they had popmail options, maybe for payment; that is to investigate.

    So look in your system how you get and send email to know your settings here.

    Also without this popmail issue TDS and all the other DCS programs will work fabulously, so no worry!
     
  6. Cyborg

    Cyborg Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    78
    Hi Jooske,

    Great advice and much appreciated. I managed to send myself an E-mail after sorting out a few problems.

    I recently joined a Clan and the guy who runs the show asked me for my user name and would I like that name to be at the front of my E-mail address. He also asked me for a password so that he could set it up at his end.

    I received a file which I downloaded from the site and when I double clicked on the Icon it took me into Outlook Express. In the top box was the E-mail address I had agreed to as being a member of the clan and to gain access to Outlook Express I had to enter in the password I gave to him. I then got a congratulations message welcoming me. It was then that I noticed in the bottom right hand corner that Outlook was dialing for a connection, which never happened before.

    On all subsequent visits to Outlook the dial up appeared in the bottom right. Everything basically had defaulted so that my Incoming and Outgoing mail reflected the .com site of this clan i.e. Outgoing was defined as username.clan.com instead of smtp.isp.com and incoming likewise pop.clan.com instead of pop.isp.com

    I have, I hope, with the assistance of my ISP removed the Clan details, but the worrying aspect for me is what other information has the Clan managed to obtain if all my E-mails had been going via their dial up as opposed to going through my ISP.

    Has anybody else had this sort of thing put upon them before and is there a possibility that they could have "hacked" any of my personal information in this way?
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    To stop automatic dialing in IE > Tools (Extra) > Options > Connections > look for the connections and set it to "never dial..."
    OK
    This prevents the autodialing when you open IE or Outlook Express (OE)


    The other parts I really don't know; only if you gave all your email and passwords, of course they can.
    Just change any passwords and make sure your pop mail and outgoing mail are all back via the ISP if possible and configure that one in OE and in TDS as described above in the other message.
     