AntiVir Personal Premium NOT removing Viruses...

Discussion in 'other anti-virus software' started by PhoenixWeb, Jan 11, 2007.

Thread Status:
Not open for further replies.
  1. PhoenixWeb

    PhoenixWeb Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    76
    Location:
    Southampton, UK
    Hi

    I use AntiVir Personal Premium, Commodo firewall, CyberHawk and AVG anti-spyware (free on demand scanner). I run a full virus scan and a spyware scan once a week.

    For a while now AntiVir has been saying I have various infections (see below)

    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.4
    --> Mailbox_[From: "Paypal Inc." <account@paypal.com>][Subject: IMPORTANT: Update your PayPal account informati]980.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.4
    --> Mailbox_[From: "PayPal Security Service" <service@paypal.com>][Subject: Notification of Limited Account Access (Routing]1014.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.5
    [WARNING] The file was ignored!
    C:\Documents and Settings\HP_Owner\Application Data\Thunderbird\Profiles\xgusgcg6.default\mail\local folders\junk
    [0] Archive type: Netscape/Mozilla Mailbox
    --> Mailbox_[From: "Bank Of America Online Service" <service@banko][Subject: Update your Bank Of America records [K9-SPAM]]2620.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud.1
    [1] Archive type: MIME
    --> file0.html
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud.1
    --> Mailbox_[From: "PayPal Security Center" <support@paypal.com>][Subject: Update your PayPal records]3706.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.4
    --> Mailbox_[From: "Paypal Inc." <account@paypal.com>][Subject: IMPORTANT: Update your PayPal account informati]4188.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.4
    --> Mailbox_[From: "PayPal Security Service" <service@paypal.com>][Subject: Notification of Limited Account Access (Routing]5200.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.5
    --> Mailbox_[From: "PayPal Security Service" <service@paypal.com>][Subject: Notification of Limited Account Access (Routing]5458.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.5
    --> Mailbox_[From: "PayPal Inc" <mail@support.com>][Subject: Notification from Billing Department [K9-SPAM]]6922.mim
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.2
    [1] Archive type: MIME
    --> file0.html
    [DETECTION] Contains signature of the Phish-File/Email PHISH/Paypalfraud.2
    [WARNING] The file was ignored!

    I have since downloaded and used the free on demand Bitdefender and Dr Web, which find nothing. I have also run an online scan using Trend Micro, which also finds nothing.

    I have two questions.

    Why doesn't Bitdefender, Dr Web or Trend Micro find/removed this malware?
    AntiVir finds it, but never removes/quarantines, why?

    Many thanks in advanced!

    Rich
     
  2. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    these aren't viruses. They are phishing emails where the URLs direct you to fake web sites. Your webscans will not see them.
     
  3. PhoenixWeb

    PhoenixWeb Registered Member

    Joined:
    Dec 7, 2006
    Posts:
    76
    Location:
    Southampton, UK

    Excellent, thanks for that phasechange. I suspected it was something like that i.e. not a specific virus or spyware infection.

    Thank you!
     
  4. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Yet another example of AntiVirs excellent detection
     
  5. smustaca

    smustaca AV Expert

    Joined:
    Sep 5, 2006
    Posts:
    21
    As phasechange answered, these are just Phishing emails.
    Antivir will detect the malware and phishing in archives but it will not clean them.
    The emails in an inbox-like file are considered archives and not 'cleaned'. (nor removed)
     
Loading...
Thread Status:
Not open for further replies.