AntiVir Personal Premium NOT removing Viruses...

Discussion in 'other anti-virus software' started by PhoenixWeb, Jan 11, 2007.

Thread Status:
Not open for further replies.
  1. PhoenixWeb

    PhoenixWeb Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    76
    Location:
    Southampton, UK
    Hi

    I use AntiVir Personal Premium, Commodo firewall, CyberHawk and AVG anti-spyware (free on demand scanner). I run a full virus scan and a spyware scan once a week.

    For a while now AntiVir has been saying I have various infections (see below)

    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.4
    --> Mailbox_[From: "Paypal Inc." <account@paypal.com>][Subject: IMPORTANT: Update your PayPal account informati]980.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.4
    --> Mailbox_[From: "PayPal Security Service" <service@paypal.com>][Subject: Notification of Limited Account Access (Routing]1014.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.5
    [WARNING] The file was ignored!
    C:\Documents and Settings\HP_Owner\Application Data\Thunderbird\Profiles\xgusgcg6.default\mail\local folders\junk
    [0] Archive type: Netscape/Mozilla Mailbox
    --> Mailbox_[From: "Bank Of America Online Service" <service@banko][Subject: Update your Bank Of America records [K9-SPAM]]2620.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud.1
    [1] Archive type: MIME
    --> file0.html
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud.1
    --> Mailbox_[From: "PayPal Security Center" <support@paypal.com>][Subject: Update your PayPal records]3706.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.4
    --> Mailbox_[From: "Paypal Inc." <account@paypal.com>][Subject: IMPORTANT: Update your PayPal account informati]4188.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.4
    --> Mailbox_[From: "PayPal Security Service" <service@paypal.com>][Subject: Notification of Limited Account Access (Routing]5200.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.5
    --> Mailbox_[From: "PayPal Security Service" <service@paypal.com>][Subject: Notification of Limited Account Access (Routing]5458.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.5
    --> Mailbox_[From: "PayPal Inc" <mail@support.com>][Subject: Notification from Billing Department [K9-SPAM]]6922.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.2
    [1] Archive type: MIME
    --> file0.html
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.2
    [WARNING] The file was ignored!

    I have since downloaded and used the free on demand Bitdefender and Dr Web, which find nothing. I have also run an online scan using Trend Micro, which also finds nothing.

    I have two questions.

    Why doesn't Bitdefender, Dr Web or Trend Micro find/removed this malware?
    AntiVir finds it, but never removes/quarantines, why?

    Many thanks in advanced!

    Rich
     
  2. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    these aren't viruses. They are phishing emails where the URLs direct you to fake web sites. Your webscans will not see them.
     
  3. PhoenixWeb

    PhoenixWeb Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    76
    Location:
    Southampton, UK

    Excellent, thanks for that phasechange. I suspected it was something like that i.e. not a specific virus or spyware infection.

    Thank you!
     
  4. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Yet another example of AntiVirs excellent detection
     
  5. smustaca

    smustaca AV Expert

    Joined:
    Sep 5, 2006
    Posts:
    21
    As phasechange answered, these are just Phishing emails.
    Antivir will detect the malware and phishing in archives but it will not clean them.
    The emails in an inbox-like file are considered archives and not 'cleaned'. (nor removed)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.