Can Not Identify Which Mail Doc Is Infected By Message Number

Hello,


I am getting a virus warning when I scan my PC. This was not picked up by Bit Defender when I retrieved the mail. I use Thunderbird. I have a number of files in my in tray which I want to keep so deleting the lot is not an option. On running the checker, it identifies 2 message numbers. This is not enough to identify which message it actually refers to.


This is from my log:


//-----------------------------------------------------------------


//


// ProductBitDefender Internet Security v10


// Product10.2


//


// Created on: 20/01/2008 10:07:13


//


//-----------------------------------------------------------------


Virus Statistics


Scan path : C:\Documents and Settings\Anton\Application Data\Thunderbird\Profiles\nazk23nd.default\Mail


Folders : 88


Files : 133146


Memory processes scanned : 67


Archives : 60064


Runtime packers : 3099


Identified viruses : 2


Infected files : 2


Memory processes infected : 0


Suspect files : 1


Warnings : 0


Disinfected files : 0


Deleted files : 0


Moved files : 0


I/O errors : 0


Scan time : 00:21:47


Scan speed (files/sec) : 101


Spyware Statistics


Registry keys scanned : 389


Registry keys infected : 0


Cookies scanned : 456


Cookies infected : 0


Spyware files infected : 0


Spyware threats detected : 0


Virus definitions : 974491


Scan plugins : 16


Archive plugins : 41


Unpack plugins : 7


Mail plugins : 6


System plugins : 5


Virus scan options


Detection


[X] Scan boot sectors


[X] Memory Processes


[X] Scan archives


[X] Scan runtime packers


[X] Scan email


File mask


[ ] Programs


[X] All files


[ ] User defined extensions:


[ ] Exclude extensions: ;


Action


Infected objects


[ ] Ignore


[X] Disinfect


[ ] Delete


[ ] Move to quarantine


[ ] Prompt user


Second action


[ ] Ignore


[ ] Delete


[X] Move to quarantine


[ ] Prompt user


Virus scan options


[X] Enable warnings


[X] Enable heuristics


[ ] Show all files in log


[X] Report file: C:\Documents and Settings\Anton\Application Data\BitDefender\Desktop\Profiles\Logs\user_0002\1200823633.log


Spyware scan options


[X] Scan for riskware


[ ] Skip dial and applications from scan


[X] Registry keys


[X] Cookies


Summary:


C:\Documents and Settings\Anton\Application Data\Thunderbird\Profiles\nazk23nd.default\Mail\Local Folders\Work E-Mails.sbd\Work Inwards=>(message 141)=>[subject: f1 access file][Date: Sat, 19 Oct 2002 13:38:00 +0100]=>(MIME part)=>sap_bw_databasetemp.zip=>SAP_BW_DataBaseTemp.mdb Suspect: Macro.VBA


C:\Documents and Settings\Anton\Application Data\Thunderbird\Profiles\nazk23nd.default\Mail\pop3.demon.co-2.uk\Inbox=>(message 948) Infected: Generic.Peed.Eml.168EDB1E


C:\Documents and Settings\Anton\Application Data\Thunderbird\Profiles\nazk23nd.default\Mail\pop3.demon.co-2.uk\Inbox=>(message 948) Disinfection failed


C:\Documents and Settings\Anton\Application Data\Thunderbird\Profiles\nazk23nd.default\Mail\pop3.demon.co-2.uk\Inbox=>(message 948) Move failed


C:\Documents and Settings\Anton\Application Data\Thunderbird\Profiles\nazk23nd.default\Mail\pop3.demon.co-2.uk\Trash=>(message 307) Infected: Generic.Peed.Eml.70F5723D


C:\Documents and Settings\Anton\Application Data\Thunderbird\Profiles\nazk23nd.default\Mail\pop3.demon.co-2.uk\Trash=>(message 307) Disinfection failed


C:\Documents and Settings\Anton\Application Data\Thunderbird\Profiles\nazk23nd.default\Mail\pop3.demon.co-2.uk\Trash=>(message 307) Move failed


Please Help. :unsure:

Comments

  • Anton90125
    edited February 2008

    Further to this I moved to files to folders on local foilders. One for the attached messages and one for unattached. I reran the virus check and the following happened:

    • The same virus messages were detected in the now empty InBox
    • The folders which now contain the messages (formally from the In box) were ignored ie no virus detected.
    Why is this? Why should Bitdefender still detect virus files (or any files) in the now empty in box and at the same time ignore the now moved files in the local folders??
  • farbar
    farbar
    edited January 2008

    May be the infected file is a hidden file and still in the original place. To make sure unhide the file (start-control panel, check show hidden files and folders-apply) and then look into the folder.