Problem Emailing a Trojan

Discussion in 'Trojan Defence Suite' started by Konyntje, Apr 17, 2005.

Thread Status:
Not open for further replies.
  1. Konyntje

    Konyntje Registered Member

    Joined:
    Apr 26, 2003
    Posts:
    18
    A scan last night caught two instances of something called 'Riskware.Tool.KillApp.b'. I deleted one and tried to email the other to DCS but I got a message saying "RCPT TO error: 550 relay not permitted". After trying to email it I remembered to check the Primaries List. Its already listed there so I deleted the other instance.

    'Still I've got some questions:
    1) What is this little gem do?
    2) How can I fix the email problem in case there's a 'next time'?

    Thanks in advance. (And thanks DCS for a great product!)
     
  2. Konyntje

    Konyntje Registered Member

    Joined:
    Apr 26, 2003
    Posts:
    18
    OOPS! I just saw the earlier thread on the same trojan 'KillApps' trojan I just scanned. I have a Creative sound card, too. Nevertheless I do scan fairly often and haven't seen this message before. False positive or not it seems suspicious that this suddenly shows up on a scan. Could a trojan writer be trying to take advantage of known characteristics of how Creative does things?
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Konyntje,
    It's always possible trojan writers use known safe file names; that's why it is important to look for recent modifications, place or the file, etc.


    For the email part:have a look at your settings and mailboxes in the configuration tabs, do a test sending some test email to yourself and it should work. Unless you configured a webmail account like hotmail, yahoo, etc.
     
  4. Konyntje

    Konyntje Registered Member

    Joined:
    Apr 26, 2003
    Posts:
    18
    Hi Jooske,
    My earlier email was unclear... I did a succesful email test immediately before trying to send the trojan. It was when I tried to send the trojan to DCS that I got the message.
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    several ISP's won't let you send attacments unless they are zipped and taht copuld be it

    or have you made sure that the isp smtp details are the isp you are dialled into
    many ISP's block relaying as an antispam measure and will only accept an outgoing message from you if you have checked for incoming messages within the previous X minutes normally soemwhere between 2 & 10

    so try this first, check for incoming messages using your email program, then straight away try to send a file to diamondscs from within tds

    make a simple text file in notepad just saying testing if upload working and give a link to this thread, then save it and then go to TDS/help submit file and press the button and navigate to the text file and press ok

    but when sending suspects to TDS I find it miuch easier to zip them and attach to a normal email and then send that
     
  6. Konyntje

    Konyntje Registered Member

    Joined:
    Apr 26, 2003
    Posts:
    18
    dvk01:
    I tried your suggestions; no luck, same message. If I encounter another nasty in the future I'll take your advice and just send it via my regular email client.

    Thanks for the help.
     
Thread Status:
Not open for further replies.