Win32.Worm.Stration.FC.m

rreinhardklein
edited April 2007 in Malware talk

For a couple of days I have been getting numerous virus alarms from Bitdefender 10 alerting that Win32.Worm.Stration.FC.m was detected in my e-mail Trash folder, which is part of the Mozilla Thunderbird Profile Folders/Mail. As Antivirus 10 had detected and blocked the infected mail file, my Trash folder (Papierkorb) in Thunderbird was blocked as well, meaning I could not delete mails. A warning message appeared that the Trash folder had to be emptied and compressed. But that did not fix the problem.


The only way to delete a mail was to delete it with the Shift+Del key combination.


The virus came with a spam mail from secur@areainc.com, which was identified by Antivirus 10 correctly.


Bitdefender had simply blocked all access to the Trash file to disinfect it, though it was unable to remove it.


I tried to delete the Trash file which had been flagged as containing the virus, but I always got Error 5: Access denied.


By chance I found an empty Trash file and Trash.msf file in another Thunderbird profile folder. I copied both and inserted them into the infected mail directory... and the old, infected Trash file was overwritten without an error or access denied warning.


The virus disappeared and the Thunderbird Trash folder is working again.


A new deep scan confirmed that the virus had been removed.


If someone else has that problem too, just create a new mail profile with the Thunderbird profile manager, locate the mail folder with Windows Explorer, copy both Trash files and insert them into the folder with the infected Trash folder.


If the virus gets into a mail folder other than Trash, I would think that you lose the mail contained in this folder, unless you have a saved copy.

Comments

  • You can also try this: disable BitDefender Realtime protection (this will un-lock the infected file), delete the infected mail, re-enable BitDefender Realtime protection.


    WARNING!: after you disable realtime protection, be careful not to open that e-mail. Just SHIFT+DELETE it, or you'll get infected.

  • Hi Cris


    He already solved his problem and posted his solution here.

  • He already solved his problem and posted his solution here.


    I know, but I wanted to offer a simpler solution. Stopping BD, deleting the mail and restarting BD is a lot faster than making all those operations with folders and files (which could be risky, if you don't know exactly what you're doing).


    You know that Time Means Money :P