False Positive ?

Discussion in 'NOD32 version 2 Forum' started by TouchuvGrey, Oct 5, 2005.

Thread Status:
Not open for further replies.
  1. TouchuvGrey

    TouchuvGrey Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    441
    Location:
    Gold Coast Queensland Australia
    If i run an In Depth Scan i get the message:
    File C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Application Data\Thunderbird\Profiles\default\6nxquhdq.slt\Mail\mail.xxxxxxxx.org\Inbox »MIME »text-indictment_cit1936.vzip is infected with worm Win32/Sober.K. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. Cleaning of archive cannot be performed.

    ( xxxxxxxx substituted for actual filename ) I click "delete" and the scan continues. If i scan again, i get the same message. TDS-3, Ewido, and A2 find nothing, Wormguard finds nothing. Any suggestions ?


    Mike
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,403
    Location:
    Ontario, Canada
    Are you Visiting NewsGroups and using Thunderbird as a NewsReader?
     
  3. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    NOD has already found this at some point and added the v to vzip in the extension. Try locating the message in your email client and deleting it there. HTH :)
     
  4. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    NOD32 user is right. What is happening here is that NOD32 is finding a virus inside a .zip file an e-mail attachment in your Inbox. NOD32 is not capable of deleting the virus out of the .zip file, so you must search for the message with the infected attachment and delete it yourself.

    If you have already done this, and you are still getting this message, then right-click on your Inbox in Thunderbird and choose "Compact This Folder".

    An e-mail folder in Thunderbird is basically one large file with all the messages. Deleting a message just marks the message as deleted, but it does not actually remove it from this file. Only when you compact the folder does the message really get removed from the file. ;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.