How to clean Thunderbird email?

Discussion in 'NOD32 version 2 Forum' started by Chippy, Jan 22, 2007.

Thread Status:
Not open for further replies.
  1. Chippy

    Chippy Registered Member

    Joined:
    Dec 14, 2004
    Posts:
    19
    Hope someone can help? I ran In Depth Analysis over the weekend and NOD32 picks up a virus in my Mozilla Thunderbird Inbox. The virus it is reporting is JS/DisEbay.A

    How this got there, I don't know, because I have NOD32 permanently scanning incoming emails and it is always bang up to date.

    Anyway, please can anyone suggest what I should do now? If I have NOD32 clean the file, it deletes all of my emails. I tried this and I ended up with an empty inbox. This is not really a practical solution as I have 2 years+ of information and contacts in there that I need. I had to restore the file from quarantine to get my emails back again.

    Alternatively, I can ignore the warnings and leave the virus there. How much of a risk is this? I don't know which email the virus is actually in, and whether it is fairly safe to just leave it there, or not?

    Thanks for any advice.

    Chippy
     
  2. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    delete the infected mail in thunderbird!?
     
  3. ASpace

    ASpace Guest

    It is absolutely safe to leave it there because if it tries to do something (or you try to open it) AMON will pick it up immediately . Absolutely safe !

    What you can do ... Check in NOD32's log files (NOD32 scanner logs) what mail is exactly identified as infected - check the sender and subject . Then open Mozilla Thunderbird , navigate to the infected mail and manually delete it , delete the infected mail only .

    This malware was added in signature 1984 from 17 January . Msot likely this is not a very big threat . NOD32's IMON or AMON didn't detect it before because they didn't have definitions for it . Now they have and NOD32's on-demand scanner detect it because it is inside . :thumb:
     
  4. Chippy

    Chippy Registered Member

    Joined:
    Dec 14, 2004
    Posts:
    19
    Thanks guys.

    I have experienced this type of problem before and the issue is that NOD32 doesn't help in identifying which email is infected.

    Anyway, I have managed to solve the problem and I will mention it here in case anyone gets a similar issue in the future:

    When you delete an email in Thunderbird, the email can still be there in the Inbox file. When you Compact your inbox any such deleted data gets overwritten and is truly deleted.

    So I tried compacting my Inbox and run NOD32 again. Hey presto, the virus is gone.

    So it looks like NOD was picking up remnants of an old email that had already been deleted, but was still sitting hidden in the Inbox data somewhere. That could explain why NOD doesn't tell you which email is affected?

    Thanks again for your help.

    Chippy
     
  5. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Chippy,

    I beleive that Eudora would work the same way - deleted mail is not finally "deleted" until the mailbox is compressed.


    hth

    Greg
     
  6. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    I think the most mail clients working this way...

    OE is the same ;)

    The most filesystems (NTFS,FAT etc) working this way... deleting a file only delete the MFT entry (its like taken a page from the index of a book, but didn't remove the page)
     
Thread Status:
Not open for further replies.