MozillaZine


Infected profile

User Help for Mozilla Thunderbird
Crabble
 
Posts: 12
Joined: October 31st, 2020, 4:50 am

Posted January 10th, 2021, 7:18 am

My AV software is flagging up that one of my TB profiles is infected. It says that it cannot remove it because it may have been moved, deleted or because it is simply unable to delete it.

The AV app says the profile is infected with an HTML Phishing file.

The path is C:\Users/User\AppData\Roaming\Thundrbird\smc... (the remainder of the profile name is not visible but there is a folder that could be the one).

How can I deal with this? I am reluctant to delete the folder in case it messes up my profile.

TIA for any suggestions.

DanRaisch
Moderator

Posts: 124067
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Posted January 10th, 2021, 9:49 am

How is the account set up in Thunderbird, as POP or IMAP? In Thunderbird the menu path is Tools->Account Settings->Server Settings->Server Type at the top right of the dialogue.

If POP, you definitely do not want to delete the file as it would mean deleting messages. Does the AV software not identify a specific file, or is that hidden at the end of the path string?

Which AV software are you running?

tanstaafl
Moderator

Posts: 47300
Joined: July 30th, 2003, 5:06 pm

Posted January 10th, 2021, 2:00 pm

Try emptying the trash in every account and then compact all of the folders (physically remove any messages that are hidden from view and marked as deleted) using File -> Compact Folders. The AV scanner might be detecting a suspicious message that was deleted. It doesn't know nor care that the message is deleted.

You shouldn't need to delete the actual folder.

C:\Users/User\AppData\Roaming\Thundrbird\smc... seems unusual. I'd expect it to use a child directory within C:\Users\Windows_Username\AppData\Roaming\Thunderbird\Profiles
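
As an added illustration (not part of any post in this thread, and not Thunderbird's own code): Thunderbird keeps a mail folder as one mbox file, and a deleted message stays in that file with the 0x0008 bit set in its X-Mozilla-Status header until the folder is compacted, which is why a file scanner can still flag it. This Python sketch lists such messages; the sample mbox bytes and the function names are constructed for the example.

```python
import re

EXPUNGED = 0x0008  # X-Mozilla-Status bit: deleted in the UI, not yet compacted away

# Constructed sample: two messages in Thunderbird's mbox layout.
SAMPLE = (
    b"From - Mon Jan 11 10:00:00 2021\n"
    b"X-Mozilla-Status: 0001\n"
    b"Subject: Invoice\n\nhello\n\n"
    b"From - Mon Jan 11 10:05:00 2021\n"
    b"X-Mozilla-Status: 0009\n"
    b"Subject: Verify your account\n\n<html>constructed body</html>\n\n"
)

def split_mbox(data):
    """Yield each raw message; a message begins at a line starting with 'From '."""
    starts = [m.start() for m in re.finditer(rb"(?m)^From ", data)]
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(data)
        yield data[start:end]

def header(raw, name):
    """Return the first value of a header in the message's header block, or None."""
    head = raw.split(b"\n\n", 1)[0]
    m = re.search(rb"(?mi)^" + re.escape(name) + rb":[ \t]*(.*)$", head)
    return m.group(1).strip().decode("ascii", "replace") if m else None

def pending_deletions(data):
    """List (index, subject, bytes) for messages flagged deleted but still on disk."""
    found = []
    # Normalise CRLF so the blank line ending the headers is always b"\n\n".
    for idx, raw in enumerate(split_mbox(data.replace(b"\r\n", b"\n"))):
        try:
            flags = int(header(raw, b"X-Mozilla-Status"), 16)
        except (TypeError, ValueError):
            continue  # no status header, or value is not hex: skip
        if flags & EXPUNGED:
            found.append((idx, header(raw, b"Subject"), len(raw)))
    return found

if __name__ == "__main__":
    for idx, subject, size in pending_deletions(SAMPLE):
        print(f"message {idx}: {subject!r} ({size} bytes) awaits compaction")
```

Run it against a copy of a folder file while Thunderbird is closed; an empty result after compacting means no deleted messages remain in that file.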

Crabble
 
Posts: 12
Joined: October 31st, 2020, 4:50 am

Posted January 13th, 2021, 9:29 am

@DanRaisch Because AVG Internet Security Premium version (my AV software) is unable to display the full path of the profile, I'm not sure whether the profile in question is POP3 or IMAP. My various email accounts are a mixture of the two.

@tanstaafl I did as you suggested and emptied the Trash folder and for good measure also deleted the messages in my Spam and Junk folders.

I compacted the folders manually as well.

I then ran a Deep Scan using AVG. Unfortunately, my PC crashed and restarted halfway through, as it often does, but when I tried to run another Deep Scan using AVG it reported a clean bill of health. Previously when I have started a Deep Scan, it has reported the one remaining infected file that it was unable to remove. So this points towards the issue being resolved.

As for the query over the path, I suspect this is a case of "my bad" and the path you specify is the correct one. Unless the scan I am running now flags up the issue again (which hopefully it won't) I won't be able to check the path again.

tanstaafl
Moderator

Posts: 47300
Joined: July 30th, 2003, 5:06 pm

Posted January 13th, 2021, 10:09 am

I suggest you get a second opinion from an online AV scanner like ESET Online Scanner or VirusTotal. That doesn't require you to uninstall AVG. False positives are not unusual from AV scanners.

Crabble
 
Posts: 12
Joined: October 31st, 2020, 4:50 am

Posted January 14th, 2021, 4:32 am

No further malware found using ESET.

Job done. Thank you both.
