I just downloaded avast and ran the first scan. A trojan was found called Phish-Bankfraud1-Troj [Htm]. It is stating that it is located in C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\uiqivj24.default\Mail\spinalalignment.com\Inbox
I read not to delete my inbox so I haven’t, but I have moved all of my email out of the inbox.
Repair, move to chest don’t work
I ran Trend PCcillin but it doesn’t see the trojan. This is frustrating because I don’t know if this is a false positive or what.
Does the avast Log Viewer, Warnings section, not give more information, I think that it could have the email subject in there or possibly something to narrow the manual search, like did it have an attachment ‘likely,’ etc. sort the inbox by emails with attachments and check those first.
Thunderbirds own FAQ recommend that you don’t use the inbox for general storage as amongst other things an anti virus could delete it if an infection is found. The inbox is also the one most likely to become corrupted because it is the one that is likely to be open if you have a system crash it could be trashed, resulting in the loss of ALL those thousands of emails.
Treat your inbox as an in-tray stuff comes in is read and sorted into folders more appropriate to the content of the email, e.g. Newsletters, Receipts, Registrations, apart from making emails easier to find when they are categorised it also protects against total loss of all emails and don’t forget to back-up your emails. If an infected ‘old’ email was found it would also be easier to find in a smaller email folder.
I also have a Pending folder so stuff is moved out of the inbox if I have read it and haven’t yet actioned it, currently my inbox is empty as it is most of the time so if I lost my inbox no problem, a few emails might be lost, but I have my back-ups that may even recover them.
avast has never done a very good job of understanding Thunderbird email folders.
The problem is that Thunderbird email folders are just simply a plain text file that is not encrypted in any way. They simply contain the email messages one after another in the file. avast tends to categorize files not by filename or filetype (Thunderbird mail folders have no filetype in their filename). To avast the Thunderbird email folders look just like .eml files.
I recall that in a recent program update it was mentioned that avast had made some changes to try to avoid problems that previously existed where avast damaged irreversibly the email folders of some Thunderbird users when they were believed to be infected.
The on demand scanner is dealing with files and it does not provide any of the useful information that David was suggesting you look for - it is only the Internet Mail scanner in avast that really has the smarts to understand email format and attachments.
However to the best of my knowledge (and the last set of tests I conducted) avast can still only detect a problem in the very first message in a Thunderbird mail folder. That is the very first message placed in the folder by Thunderbird when the folder was new. It is not necessarily the oldest message in the folder but the chances are likely that it is.
Since you say that you have moved all of the messages out of the Inbox you have probably moved them to other folders. It is likely that the “infected” message is now not the very first message in a folder. In that case avast (the way it currently works) will never report the problem again for that message. I have Thunderbird folders containing deliberately planted viruses that are scanned by avast every week without a murmur.
The only caveat - remember that no message is every truly removed from a Thunderbird folder until you compact that folder. So after moving the messages out of the Inbox it is essential that you have compacted it to ensure the messages are really gone from the Inbox.
The same goes for the Trash folder(s).
The avast Internet Mail provider as I mentioned above, has the real email smarts, it will do a very good job of scanning your email and attachments and preventing any problems from getting into your Thunderbird mail store.
One last point … if you are using the Thunderbird Webmail extensions (or another third party program) to read mail from Hotmail, Yahoo, Gmail etc into Thunderbird and you want the avast Internet Mail provider to scan that mail then in the Internet Mail provider you will need to:
Click “Customize” > Redirect tab > uncheck the box “Ignore local communication” > OK > OK
If you do want to try to find any infected messages in your Thunderbird mail files then I have found that Panda online scan proved to be very capable of understanding the Thunderbird mail structure and reporting the viruses within messages quite helpfully.
I was going to suggest Panda but of course that’s the online scanner avast! always has problems with because of the unencrypted virus definitions.
I know Kaspersky has found traces of viruses I’ve sent to AV companies in my Thunderbird outbox in the past. I seem to remember it gave some details, but I’m not sure… Have to try a little experiment.