Note: As of Thursday 5 February, approximately 7:25 p.m. California time, 03:25 (a.m.) GMT or Zulu time, I have edited the first and last of my messages in this thread. The edits are in boldface. An InDepthAnalysis of my wife's computer, and then later another context menu scan of her email folder, turned up numerous trojan infected emails, presumably in email attachments. I am having trouble figuring out how to use the Scanning Log to delete the infected emails. A P.S. Background, at the end of this message, lists the actual trojans found. The email program is Mozilla SeaMonkey, a descendant of the Mozilla Suite (think Firefox and Thunderbird in one program), which uses POP3. The operating system is Windows 2000 Sp4. Question 1) Why didn't NOD32 2.7.32 catch these threats (described below) when the email was being downloaded? Is there some NOD32 setting I have missed? (In the past, NOD32 has caught email threats as they were downloaded.) Question 2) The scan log reports the folder containing each entry, followed by: >>MBOX >>mailnnn.eml >>MIME >> NameOfZipOrRarFile, followed by the threat's filename (e.g. jolie.exe or film.scr) and finally the name of the trojan, where "nnn" is a three digit number as low as 003 and as high as 911. The numbers are not in order. And using either SeaMonkey or Windows Explorer, I cannot find any email numbers. A sample scan log entry is the following: path to SeaMonkey Mail initial folder, then (with xxxxxxxx being a set of random numbers and characters) \xxxxxxxx.slt\Mail\pop.redshift.com\Inbox >>MBOX >>mail093.eml >>MIME >>jolie.zip >>ZIP >>jolie.exe - Win32/Wigon.EX trojan . How can I use the scan log to determine which emails ought to be deleted? I ask that because during the InDepthAnalysis, the Threat Found! box that appeared as each threat appeared in the scan list had the following Available actions: Leave, Clean, Rename, Delete, Replace. But except for a few threats that I could and did delete (not included in the threat descriptions below, which came from the later Context Menu scan), Leave was the only available choice --- the others all were greyed out. Why, I know not. Nevertheless, the box did contain statements that "The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. Cleaning of archive cannot be performed." Before the context menu scan, I had backed up my wife's email (using Windows Explorer to copy it to a separate folder), but how to delete the file (message) containing the trojan is a complete mystery to me. 3) I set up NOD32 v2 several years ago, and now I can't remember or find out (although I did explore the Help) how to make sure that the Context Menu profile is using the same stringent settings as the InDepthAnalysis. Did the layout of those profile settings change between an earlier NOD32 v2.x and the current v2.70.32? 4) Should I temporarily stop worrying about deleting the infected emails, and go ahead and uninstall NOD32 v2.7 (using its own uninstall routine rather than Windows Ann/Remove Programs) and then install NOD32 v3.0.684, in hopes that its more modern scan log would facilitate deleting infected emails? Thanks for any help. Roger Folsom ________________________________________________________________ P.S. BACKGROUND In preparation for installation of NOD32 v3.0.684, I scanned my wife's computer using her installed NOD32 v2.70.32. To my surprise, when I did an InDepthAnalysis scan of her computer (that's the only type of demand scan we do), it turned up numerous trojans in her SeaMonkey email, plus additional part000.txt and part001.txt or .htm "error occurred while reading archive" reports. We've been using NOD32 v2.x since 2005 or maybe earlier, and it has caught serious viruses in our incoming email on numerous occasions. But never before has an InDepthAnalysis scan turned up anything, except one false positive on my computer years ago (NOD32 hadn't heard of WordPerfect's now-deceased Envoy utility). Given that the InDepthAnalysis was finding threats in my wife's email, I interrupted it, deleted the emails in her trash and junk (spam) mail, and did a context menu scan on her email folder. That turned up a total of six different trojans. Trojans Detected The jolie and xjolie.zip containing the Win32/Wigon.BZ or .CB, trojans; The Angelina_Jolie.rar containing "probably a variant of Win32/TrojanDownloader.SmallTrojan" (my understanding is that the "probably" means that NOD32 didn't have a signature for this trojan, but made a heuristic judgment); The film.zip containing the Win32/Wigon.EH or .EX trojans; The UPS_INVOICE_187271.zip containing the Win32/SpyAgent.NHS trojan. I have read "Infected ~ Virus / Trojan Detection ~ Dealing with New Samples," at http://www.wilderssecurity.com/showthread.php?t=178177 but I don't think it deals with the trojans on my wife's computer.