Trojan detection failure

Discussion in 'Trojan Defence Suite' started by salad_tosser, Feb 3, 2004.

Thread Status:
Not open for further replies.
  1. salad_tosser

    salad_tosser Guest

    I know that there is a trojan in my outlook.pst file, but TDS-3 does not find it. The trojan is in a message in the "Deleted Items" in my personal folders.

    I know it is there because when I save the attachment from that message to my Desktop and scan it, TDS-3 notifies me that it's infected. However, as long as the attachment is left in the message in "Deleted Items" in Outlook, TDS-3 will not find it, even doing a "Full System Scan".

    Why?
     
  2. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    It is because the trojan is not a file by itself, but rather in your "deleted items.dbx" which is a part of Outlook. TDS-4 supports archive scanning so it should be able to find that file when it is released.

    -Jason-
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    You might like to create (maybe inside the TDS directory?) a special folder to copy suspicious attachments and files into for such scans, so you remember that everything inside that folder is to be treated with care and not clicked on. Of course, if you do, you might like to delete the files after the scanning and, in some cases, after sending a zipped copy to Gavin; it's advisable to immediately change the extension into something like *.tmp, which can't run, to avoid bad problems, or to zip the file immediately, anything to disarm them temporarily.

    Ahh, those email scanners ... long ago one was so nice to tell me that in email folder X there was an infection, but was not so nice to tell in which email it was, and it was embedded in an email as there was no visible attachment; very helpful but not really; iframe exploit, I guess.
    Another one added numbers to all emails (invisible for me of course and not searchable) and told me email number Y was infected; very helpful but not really if I don't know which number in which folder and which date and which sender, anything to make it searchable.
    I would like to see the date and sender and subject and infection and path or foldername, or an option to move it to a suspicious emails place, quarantine, whatever with the press of a button.
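
The workflow discussed in this thread (pull the attachment out of the mail store, disarm it with a `.tmp` extension in a dedicated folder, and keep folder, date, sender and subject with it so the finding is searchable) can be sketched as follows. This is an added example, not part of the original posts and not TDS code; it assumes a single message already exported as RFC 822 bytes (for example an `.eml` file), since Python's standard library does not read Outlook's own store formats, and the function names and sample message are hypothetical.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import Path

def quarantine_attachments(raw: bytes, folder: str, dest: Path) -> list[dict]:
    """Save each attachment of one RFC 822 message under dest with a .tmp
    extension and return a searchable record per attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    dest.mkdir(parents=True, exist_ok=True)
    records = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        # Name the file by its hash, never by the sender-supplied filename,
        # so a crafted name cannot escape dest or keep a runnable extension.
        target = dest / f"{digest[:16]}.tmp"
        target.write_bytes(data)
        records.append({
            "folder": folder,
            "date": str(msg["Date"]),
            "sender": str(msg["From"]),
            "subject": str(msg["Subject"]),
            "original_name": part.get_filename() or "(unnamed)",
            "sha256": digest,
            "quarantined_as": target,
        })
    return records

def sample_message() -> bytes:
    """Constructed sample: harmless bytes under an executable-looking name."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Date"] = "Tue, 03 Feb 2004 10:00:00 +0000"
    m["Subject"] = "your document"
    m.set_content("see attached")
    m.add_attachment(b"harmless test bytes", maintype="application",
                     subtype="octet-stream", filename="document.pif")
    return m.as_bytes()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for rec in quarantine_attachments(sample_message(), "Deleted Items", Path(d)):
            print(rec)
```

The files written to the quarantine folder are what a file-based scanner can then inspect, and the returned records tie any detection back to the message it came from.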
     