Malware in Thunderbird files

User Help for Mozilla Thunderbird
sargan
Posts: 208
Joined: January 30th, 2012, 8:01 am

Malware in Thunderbird files

Post by sargan »

Bitdefender 2019 Internet Security ran a scan and advises a trojan is located in Thunderbird files:
The specific malware is Trojan.Phishing.MH and is located here:
C:\Users\Rick\AppData\Roaming\Thunderbird\Profiles\4ttn729w.default\Mail\pop3.btconnect.com\Inbox=>(message 394)

I tried Malwarebytes .. failed to detect or remove it ..... how can I remove this, can I delete specific message ?

Latest ver of Thunderbird on W10 64bit
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: Malware in Thunderbird files

Post by tanstaafl »

It might be a false positive. That's not unusual, especially if Malwarebytes failed to detect it. You could create a new folder, move the message to it, upload the file for the new folder to https://www.virustotal.com/#/home/upload and let it analyze it. "VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content."

However if the message is not worth saving then it would be simplest to just delete it, empty the trash and then compact the folders (file -> compact folders). That will physically remove the message.
James
Moderator
Posts: 28005
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Re: Malware in Thunderbird files

Post by James »

sargan
Posts: 208
Joined: January 30th, 2012, 8:01 am

Re: Malware in Thunderbird files

Post by sargan »

tanstaafl wrote: It might be a false positive. ... You could create a new folder, move the message to it, upload the file for the new folder.

How do I find the file ? It gives msg number, how do I identify the individual email?
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: Malware in Thunderbird files

Post by tanstaafl »

Help -> troubleshooting information -> open folder will open windows explorer at your profile. If you create a folder with a unique name such as xyz and move the message to it, it's easy to find the file in your profile.

I don't know how BitDefender counts messages in a folder. But you could narrow it down based on the time/date you got the warning. I'm actually surprised that it gave you a message number as I have the free version of BitDefender and it doesn't "know" about mail. It only "knows" about files.

If you're really worried about this you could export a range of messages using the ImportExportTools add-on as *.eml files, import some of the *.eml files it creates into a new folder and repeat until BitDefender complains about a message in that new folder. But if I were in your shoes I'd just upload the inbox to virustotal and get a second opinion.
sargan
Posts: 208
Joined: January 30th, 2012, 8:01 am

Re: Malware in Thunderbird files

Post by sargan »

I’m not really sure what you mean ...”move the message to a folder” .... I don't know how to find the message, the path just says message 394 in the inbox ... I don't even know which sub-folder.

I could try exporting folder by folder, as per 2nd part of your mail.
Could be a long job.
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: Malware in Thunderbird files

Post by tanstaafl »

"in the inbox ... I don't even know which sub-folder."

You can narrow the suspects by looking at the message filter log, and/or doing a global search for all messages with a certain date. You could also right click on an mbox file in windows explorer and select "scan with bitdefender". Mbox files are files named after the mail folder that have no file extension and contain all of the messages for the mail folder. "inbox." is an mbox file. "inbox.msf" is an index file (ignore it) and inbox.sbd is a renamed directory (ignore it).

If you are uncomfortable getting a second opinion with VirusTotal, see http://kb.mozillazine.org/Antivirus_pro ... as_a_virus for some other possibilities.
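
An added example, not part of any post in this thread: one way to turn a report such as "Inbox=>(message 394)" into a Date, From and Subject that can be searched for in Thunderbird, by reading the mbox file with Python's standard `mailbox` module. It assumes the scanner counts messages from 1 in file order (the thread does not establish this), so it also returns the neighbouring messages; `describe` and `build_sample` are hypothetical names and the sample mailbox is constructed.

```python
import mailbox
import os
import tempfile

EXPUNGED = 0x0008  # X-Mozilla-Status bit: deleted in Thunderbird, not yet compacted

def describe(mbox_path, number, window=1):
    """Summarise message `number` (assumed 1-based, in file order) and its
    neighbours; the neighbours cover a scanner that counts from 0 instead."""
    box = mailbox.mbox(mbox_path, create=False)
    rows = []
    try:
        for idx, key in enumerate(box.iterkeys(), start=1):
            if idx > number + window:
                break
            if idx < number - window:
                continue
            msg = box[key]
            try:
                status = int(msg.get("X-Mozilla-Status", "0"), 16)
            except ValueError:  # malformed header: treat as no flags set
                status = 0
            rows.append({"number": idx, "deleted": bool(status & EXPUNGED),
                         "date": msg.get("Date", ""), "from": msg.get("From", ""),
                         "subject": msg.get("Subject", "")})
    finally:
        box.close()
    return rows

def build_sample():
    """Write a constructed four-message mbox and return its path."""
    flags = ["0001", "0001", "0009", "0001"]  # third message is marked deleted
    parts = []
    for i, flag in enumerate(flags, start=1):
        parts.append(
            f"From - Mon Jan 07 10:0{i}:00 2019\n"
            f"X-Mozilla-Status: {flag}\n"
            f"Date: Mon, 07 Jan 2019 10:0{i}:00 +0000\n"
            f"From: sender{i}@example.com\n"
            f"Subject: constructed message {i}\n\nbody {i}\n\n")
    fd, path = tempfile.mkstemp(suffix=".mbox")
    with os.fdopen(fd, "wb") as fh:
        fh.write("".join(parts).encode("ascii"))
    return path

if __name__ == "__main__":
    for row in describe(build_sample(), 3):
        print(row)
```

Run it against a copy of the Inbox file made while Thunderbird is closed. A row with `deleted` set to True describes a message that no longer shows in the folder but is still physically in the file until the folder is compacted.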
sargan
Posts: 208
Joined: January 30th, 2012, 8:01 am

Re: Malware in Thunderbird files

Post by sargan »

I don't follow how sorting by date would help - as I don't know date of message.
I'll try what you said with right-click on mbox folders
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: Malware in Thunderbird files

Post by tanstaafl »

"I don't follow how sorting by date would help - as I don't know date of message."

But I assume you know when you got the warning. It's possible it detected a trojan in an old message but it's most likely a message you got the same day if you check your mail daily.
sargan
Posts: 208
Joined: January 30th, 2012, 8:01 am

Re: Malware in Thunderbird files

Post by sargan »

No ... I only installed Bitdefender (purchased) for first time this week .... previous anti-virus did not highlight this issue.
Could be a false positive but seem to think more likely previous product did not pick it up
sargan
Posts: 208
Joined: January 30th, 2012, 8:01 am

Re: Malware in Thunderbird files

Post by sargan »

James wrote: This was cross post at https://support.mozilla.org/en-US/questions/1250360

agree I'm asking in both forums .. I know they are different.
sargan
Posts: 208
Joined: January 30th, 2012, 8:01 am

Re: Malware in Thunderbird files

Post by sargan »

Well don't think it's a false positive .... followed the step above to use Virus Total ....... it ran and had 5 providers all detect and confirm the same file as a virus Trojan.Phishing.MH
Though did not give (or so it seems) any option to disinfect or delete.
sargan
Posts: 208
Joined: January 30th, 2012, 8:01 am

Re: Malware in Thunderbird files

Post by sargan »

OK .. bit more info
If I scan inbox ... I get the notification of the Trojan.Phishing.MH
Inbox and App is on my C:\ I then scanned all the filed mail folders (mbox files as explained above) these are in my mail folder of E:\ drive ... that scans clean (every one of them)

It seems the Trojan is in the 'Inbox' index file on C:\ not the filed emails.
DanRaisch
Moderator
Posts: 127231
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Re: Malware in Thunderbird files

Post by DanRaisch »

"It seems the Trojan is in the 'Inbox' index file on C:\ not the filed emails."
Which confirms that the trojan is in a fairly recently received message.
Did BitDefender identify the problem immediately after it was installed and run for the first time or only later, even if only by hours or days?
sargan
Posts: 208
Joined: January 30th, 2012, 8:01 am

Re: Malware in Thunderbird files

Post by sargan »

BitDefender was installed ... first thing it did was a scan ... and announced the issue.