Bit Defender scan finding things that shouldn't exist..

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by emzyme, Feb 16, 2006.

  1. emzyme

    emzyme Private E-2

    Hi there,

    I've been cleaning out my PCs over the last week to make sure they are malware/virus free. I am all clean now but I decided to just run the online bitdefender scan to make sure when it has now decided to report something.

    The scan results are referencing my mailbox files (outlook and thunderbird), I wasn't aware that I was using outlook - I've only ever used outlook express and thunderbird and even when I was using outlook express, the mail folder was on a different drive to the location it is specifying.

    Bitdefender is complaining about an email being infected W97M.Assilem.G. I've checked the appropriate folders and no such email exists and I know this for a fact because my AVAST virus scanner picked it up a long time ago when it found the virus and deleted it for me. Can anyone explain why it is still showing up? I performed an AVAST full system scan and it reported that my hard drives were clean.

    Many thanks,

    Emma
     
    emzyme, Feb 16, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Feb 16, 2006
    #2
  3. emzyme

    emzyme Private E-2

    Hi,

    Here's the bit defender report.

    I'd not read that link, but have just now. The email it was complaining about did have a word document in it, but I don't think I have ever opened it.

    The email should be well and truly gone now though..

    Thanks,

    Emma
     

    Attached Files:

    emzyme, Feb 18, 2006
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure I follow your last message. You said you removed the email but the BitDefender log still shows problems in your email. Did you manually remove the problem emails that it found? Was the BitDefender log from before or after deleting the emails. You need to get rid of the files it is finding.

    You should disable System Restore. (see this: Disable And Enable System Restore )
    Then you should empty the C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine folder.
    Then if not already deleted, remove the emails BitDefender is complaining about.
    Then run a new BitDefender scan and attach the log.
    If clean, you can enable System Restore.
     
    chaslang, Feb 18, 2006
    #4
  5. emzyme

    emzyme Private E-2

    The emails were deleted a long time ago when I originally found them whilst running a full system antivirus scan using Avast when I switched from Norton to Avast. This is what I can't understand, the bitdefender scan should nt be finding them because they aren't there in my inbox. Do you think its possible that email programs keep a blue print of all the emails whether you ask them to be deleted or not? It's pointing to specific mailbox items in thunderbird and outlook and I am 100% sure that they can't exist. I've already run the bitdefender scan twice just to see if it was a one off. I've also disabled system restore.

    I can't delete any files because if I delete the files it is referencing the bad emails in, I will lose a complete section/archive of all my emails stored in that location... e.g. C:\Documents and Settings\Emma\Application Data\Thunderbird\Profiles\hsqboa71.default\Mail\Local Folders\To Keep - this has lots of emails in it (and it should not have the email with the virus in it anymore).

    I just want to understand why bitdefender thinks it's still there? I've run a full system scan using Avast (the virus application that originally found the problem) and it does not find the problem anymore.

    Thanks for the help,

    Emma
     
    emzyme, Feb 19, 2006
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    BitDefender is finding them because they are there. You have them in two places one on drive C and on on drive G in a backup:

    C:\Documents and Settings\Emma Middlebrook\Application Data\Thunderbird\Profiles\hsqboa71.default\Mail\Local Folders\To Keep=>(message 17)=>[Subject: 7110 set up ][Date: Wed, 12 Jul 2000 16:16:21 +0100]=>(MIME part)

    G:\_Backups_\23-01-2006~21-00~Emmas Backup.bac=>(ZIP Sfx g)=>archstored: Documents and Settings/Emma Middlebrook/Application Data/Thunderbird/Profiles/hsqboa71.default/Mail/Local Folders/To Keep=>(message 17)

    Whatever it is, it is in theTo Keep folder! You need to clean up that folder or delete it. It seems to say message number 17 is the problem. It is up to you what you want to do. But if you want to get rid of what BitDefender is finding you must clean up those folders. Selectively copy the messages to another folder. Just don't copy the infected ones.
     
    Last edited: Feb 19, 2006
    chaslang, Feb 19, 2006
    #6
  7. emzyme

    emzyme Private E-2

    Thanks for the suggestion, I created a new folder and moved the emails into that and then deleted the "to keep" folder. I re-ran the scan and this time bitdefender didn't find anything.

    Thanks!

    Emma
     
    emzyme, Feb 20, 2006
    #7

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds