False Positive(?) - part000.txt

Discussion in 'NOD32 version 2 Forum' started by aster, Aug 17, 2005.

Thread Status:
Not open for further replies.
  1. aster

    aster Guest

    I'm new to Nod32, so if I'm asking something that may have been answered somewhere that I missed in my searching, my apologies.

    That said, each time Nod32 runs, it finds about nine entries in one of the account folders in \mail (using Thunderbird, of course) - all of them are listed as MIME > part000.txt, HTML\Phishing.gen trojan. Now, if I understand what I found elsewhere correctly, this is just Nod's way of telling me, "Hey, you got some BS phishing emails" despite the trojan moniker. So I made sure the trash folders were empty, but to no avail - the same thing happens over and over.

    Of course, I never did anything with any links in those stupid things.

    Other than a couple of false positives (a program .dll patched by the company itself and another one, nHTMLn.dll, used in mIRC scripts such as the one I use), I have had nearly zero issues with actual infections over the past several years, so this is a bit surprising to me.

    Anyone care to shed some light on the matter?
     
  2. alglove

    alglove Registered Member

    Joined: Jan 17, 2005 | Posts: 904 | Location: Houston, Texas, USA

    Thunderbird stores each of your e-mail folders (Inbox, Trash, Sent, etc.) as two files. One of them is a big text file with all your e-mail messages (you can actually open it up with Notepad), and the other is an index. When you delete a file (for example, move it from Inbox to Trash), it merely *marks* the message as deleted from the Inbox, but the contents of the message are still in the Inbox file.

    In Thunderbird, go to File --> Compact Folders, or right-click on the folder and choose "Compact this Folder". This will get rid of the hidden, deleted messages. It will also make these files smaller.

    The NOD32 scan is probably detecting some deleted messages that were already there before you installed NOD32.
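
The behaviour described in the reply above, as an added example that is not part of the original thread: a short Python check that lists messages still physically present in a Thunderbird folder file after deletion, and shows what compaction removes. It assumes the mbox layout with an `X-Mozilla-Status` header whose 0x0008 bit marks an expunged message; the sample folder content and the function names are constructed for illustration.

```python
EXPUNGED = 0x0008  # assumed X-Mozilla-Status bit: deleted, awaiting compaction

# Constructed sample of a Thunderbird folder file (mbox format).
SAMPLE_MBOX = """\
From - Wed Aug 17 10:00:00 2005
X-Mozilla-Status: 0001
Subject: Meeting notes

See you at 3pm.

From - Wed Aug 17 10:05:00 2005
X-Mozilla-Status: 0009
Subject: Verify your account

Constructed phishing-style body.

From - Wed Aug 17 10:07:00 2005
X-Mozilla-Status: 0008
Subject: Account suspended

Another constructed body.
"""

def parse(mbox_text):
    """Split mbox text into messages, recording status flags and subject."""
    messages = []
    for line in mbox_text.splitlines(keepends=True):
        if line.startswith("From "):  # mbox message separator line
            messages.append({"flags": 0, "subject": "", "raw": "", "body": False})
        if not messages:
            continue
        msg = messages[-1]
        msg["raw"] += line
        name, _, value = line.partition(":")
        if line.strip() == "":
            msg["body"] = True  # first blank line ends the header block
        elif not msg["body"] and name.lower() == "x-mozilla-status":
            msg["flags"] = int(value.strip(), 16)
        elif not msg["body"] and name.lower() == "subject":
            msg["subject"] = value.strip()
    return messages

def leftover_deleted(mbox_text):
    """Subjects of messages flagged deleted whose content is still in the file."""
    return [m["subject"] for m in parse(mbox_text) if m["flags"] & EXPUNGED]

def compact(mbox_text):
    """Model of compaction: rewrite the file without the expunged messages."""
    return "".join(m["raw"] for m in parse(mbox_text) if not m["flags"] & EXPUNGED)
```

A scanner that reads the folder file directly sees everything `leftover_deleted` reports, which is why emptying the Trash view alone does not clear the detections.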
     