I'm a new user of TDS3 - Possible false positive! Is there any way to check?

Discussion in 'Trojan Defence Suite' started by zoril, Jun 7, 2005.

Thread Status:
Not open for further replies.
  1. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    Hi everyone:)

    I have just purchased TDS3, registered and completed a full scan. It seems to have come up with a possible Trojan, although I do feel that it may well be a false positive?

    I checked out the file at VirusTotal Scan, Jotti online malware scan, + with Trojan Hunter, Webroot SpySweeper, NOD32, and TrendMicro (Java online scan), none of which indicated a problem. I also read somewhere that a few people had seen the same message when heuristics were set high using different virus scanners. The exact TDS message I got is:-

    Scan Control Dumped @ 15:10:59 07-06-05
    Positive identification <Adv>: Possible ICQ-notifying trojan
    File: c:\program files\icqlite\icqliteuninstall.exe

    My initial reaction was to right click the reference in TDS, and submit it, but I was unable to do so! I am sure that I have my Outlook settings correct re my server requires authentication.

    I have no problem sending or receiving mail, yet when I use the email test facility in TDS it comes up with an error, suggesting that my server authentication settings are not correctly configured?

    I did double check them. In addition to having the "my server requires authentication" box ticked, I tried under the next page - settings firstly "use same settings as my incoming mail server", then secondly "log on using account/ name password". Neither worked, as I got the same error with both settings in the email test window (with a suggestion to contact Yahoo re configuration)...

    Is there anywhere I should submit this file, or should I disregard it as a false positive based on the checks that I have done? Advice appreciated...

    I should maybe add that I did configure TDS from the original 127.0.0.1, admin@localhost to my correct email address etc from configuration, servers, email set-up. I guess that I must be making some or other mistake? I didn't change the internet service provider for ip retrieval. Maybe I should have? It is currently set to tds.diamondcs.com.au

    Kind regards,

    Howard
     
    Last edited: Jun 7, 2005
  2. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    I trialled TDS-e today and I have the same alert, which is possibly a FP.
     
  3. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    That is encouraging. My gut reaction is that it was a false positive!
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
  5. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    Hi there Pilli:)

    Many thanks for the reply. I have zipped, encrypted and sent the file to the address you mentioned (along with the encryption password).

    That configuration page looks brilliant. I have bookmarked it, as it is something that I want to read slowly and digest, rather than just glance at...

    I have a lot to learn. Not being technically orientated, it will probably take me a lot longer than most in this forum to achieve.

    Someone told me to install execution protection with TDS. That is something else that I will need to learn about. I have installed it, but have not used it yet - at least not knowingly...

    Best wishes,

    Howard:)
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Execution protection hooks opening processes to ensure that they are not infected; once installed it is only active when TDS3 is running, either as a window or iconised to the systray.

    Pilli :)
     
  7. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    That is handy to know. It can't do any harm leaving it enabled, in that I may well leave it minimised to the tray when surfing. I just finished reading the other page. It was very useful re settings...

    I think that I will need to find out the exact address of my ISP for the purpose of the TDS email test. I am with BT Broadband as my main telephone provider, yet my Outlook Express email address is with btinternet.com, for which I pay a small monthly subscription.

    Even after reading that page, I am unable to configure it correctly re the email test...

    Howard:)
     
  8. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    You just need to use your POP and SMTP settings for your mail. That's all I used.
     
  9. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    The thing is I know my POP and SMTP from Outlook Express account / properties / servers. I have "my server requires authentication" ticked and also the settings.

    Internet service provider for IP retrieval is on the left hand side of TDS3 (I tried entering the address for btinternet.com, then tried leaving it blank). Neither worked!

    Howard:)
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there, untick the authentication and try again.
     
  11. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    Hi there Jooske:)

    I hope that things are going well for you?

    I tried what you suggested but sadly no joy. I get the same SMTP error message every time:

    [SMTP error] Failed MAIL from ERROR: 530 authentication required. Your email could not be sent. To fix this you must make a simple change to your email (known as smtp authentication). For advice visit btyahoo.com/smtp or call a specific 0800 telephone number...

    I never have had any problems with Outlook Express. It probably is something really simple that I missed. I should maybe add that I have only one email account, which is my default one.

    I can send emails ok using plugins smtp, but not via test email!

    Thanks for helping.

    Howard
     
    Last edited: Jun 7, 2005
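    The 530 reply quoted above means the submission server refuses MAIL FROM until the client has authenticated, so a client that never sends AUTH fails in exactly this way however correct the POP/SMTP hostnames are. The dialogue below is an added example (not code from the thread, TDS or BT) with a constructed in-memory server and made-up credentials; it shows the failing exchange beside the one where the client answers the 530 with AUTH PLAIN and retries.

```python
import base64

class AuthRequiredSmtpServer:
    """Constructed in-memory stand-in (not BT/Yahoo's real server): MAIL FROM is
    refused with 530 until the client has authenticated, as in the thread."""

    def __init__(self, users):
        self.users = users      # {username: password}, made-up credentials
        self.authed = False

    def handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            return "250-smtp.example.test\r\n250 AUTH PLAIN LOGIN"
        if verb == "AUTH":
            mech, _, blob = arg.partition(" ")
            if mech.upper() != "PLAIN":
                return "504 unsupported mechanism"
            _, user, pw = base64.b64decode(blob).decode().split("\0")
            if self.users.get(user) == pw:
                self.authed = True
                return "235 authentication successful"
            return "535 authentication failed"
        if verb == "MAIL":
            return "250 sender ok" if self.authed else "530 authentication required"
        if verb == "QUIT":
            return "221 bye"
        return "500 unrecognised command"

def send_with_auth_fallback(server, sender, user=None, password=None):
    """Drive the client side of the dialogue; on 530, authenticate (AUTH PLAIN)
    and retry MAIL FROM. Returns [(client_line, server_reply), ...]."""
    transcript = []

    def cmd(line):
        reply = server.handle(line)
        transcript.append((line, reply))
        return reply

    cmd("EHLO client.example.test")
    if cmd(f"MAIL FROM:<{sender}>").startswith("530") and user is not None:
        # SASL PLAIN: authzid \0 authcid \0 password, base64-encoded
        creds = base64.b64encode(f"\0{user}\0{password}".encode()).decode()
        if cmd(f"AUTH PLAIN {creds}").startswith("235"):
            cmd(f"MAIL FROM:<{sender}>")
    cmd("QUIT")     # without credentials this is where a test email stops
    return transcript
```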
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    By the sound it seems really simple then, if you can send via the test email. Did you configure it in the sockets as well to send yourself an alert email? That should be the same as in the test email and SMTP plugin.
    No typo of some kind?
    btinternet sounds different from btyahoo ....

    Best to zip your samples anyway and attach them to an email to submit them these days.
     
  13. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    Hi Jooske,

    As long as Outlook Express works ok that is the most important thing. I guess that it is not important if test email works, as long as the plugin SMTP does..
    I don't think that I configured sockets - I don't remember doing so...

    I got an email back from support. They confirmed that the possible trojan was in fact a false positive. I thought it best to mention that in this post, for the benefit of anyone who has followed the thread...

    I have never fully understood the way that BT and Yahoo work together. The one thing I am certain is that my Outlook Express configuration is correct, as it was tech support that helped me to configure it originally...

    All the best,

    Howard
     
    Last edited: Jun 8, 2005
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks for the updating!
    Maybe your Outlook needs allowance in the trusted zone as well, instead of the internet zone if that is where you have it; it could be such a thing.
    You'll need the test email to work properly if you would like to be able to submit samples with the rightclick from the alerts console.

    The sockets configuration you can see with one blink of an eye if you look at the TDS console and see upper right corner if you ever clicked on the sockets button and all squares are there nicely colored green.
    It's an extra protection. Switch them on (automated) and select alert emails to be sent to you and the beep alarm, then in the plugins do some of the port testing and see if you get any alarms and email alerts.

    Have fun trying it all! :)
     
  15. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    You might be right re Outlook Express and trusted zone. Is there an easy way to put it there?

    I had a look at sockets. I definitely hadn't configured that earlier. I have loads to learn... o_O

    Howard:)
     
  16. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In Outlook Express Tools > Options > Security.
    I put mine temporarily in the Internet Zone when needed, changing that choice on top.

    Yeah, the forum is rather educative :)
    See the Important sticky thread and the links, that's why they are important! :cool:
     
  17. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    247
    Thanks again Jooske:)

    Your replies have been most appreciated

    Howard:)
     
  18. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    You're welcome!

    Outlook Express is needed in the internet zone if you want more functionality like playing scripts (msagents for instance) from your inbox, but I can't remember it having any impact on sending alert emails or submits from TDS. It is really strange, as the SMTP plugin should use the same SMTP settings as the configuration, which are used for the settings in the sockets too.
     