Hi, can anyone help? I keep getting a message telling me a trojan horse was found, and advising me to delete, but when I do delete, I get a message saying avast cannot find the file. If I click OK, I just get the avast warning again, telling me ‘a trojan horse was found’.
Can anyone help? Details below.
File Name Mail\Inbox<Subj: [Bulk] Statement of fees 2008/09>\Fees_2008-2009.zip\Fees_2008-2009.doc.exe[UP
Malware Name Win32:Fraudo [trj]e
Malware type Trojan Horse
VPS version 080913-0, 13/09/2008
When I click on delete I get a message saying ‘The system cannot find the file specified’ then says 'cannot process Mail\Inbox<Subj: [Bulk] Statement of fees 2008/09>\Fees_2008-2009.zip\Fees_2008-2009.doc.exe[UP
File seems indeed infected. Can you manually delete the mail by webmail?
Which is your email program? I won’t suggest you, right now, delete the mailbox or you’ll lose all your email in the inbox…
I rather doubt the advice/recommendation was to delete as Move to the Chest is the normal recommendation.
First, you don’t say what email program you use?
The problem is as I see it scanning old emails where there is an infected email in your Inbox. This can be fraught with danger as you could lose all email in the Inbox if you chose to delete it.
Most email programs don’t store emails as individual files but collected together inside a single database file (sorry if I’m teaching you to suck eggs) and trying to extract a file within these databases could corrupt them with the possible loss of email in that database.
You may be better opening the Inbox and trying to manually find the [Bulk] Statement of fees 2008/09 email with the infected attachment Fees_2008-2009.doc.exe (note the double file type common trick) and delete it manually. Once you have done that, empty the deleted emails folder and compact the email folders.
The “'cannot process Mail\Inbox.…, etc.” is probably an indication of what I said above it can’t safely process the removal.
You would be advised not to use the Inbox for general email storage as this email database file is the most commonly corrupted (not necessarily by an AV), treat it as a Pending Tray, once you have opened and read an email, place it in a folder more appropriate to its content.
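The "double file type" trick mentioned above (Fees_2008-2009.doc.exe inside Fees_2008-2009.zip) can be checked for by name alone, without opening or extracting anything. The following is an added example, not part of the original thread: the extension lists are illustrative assumptions, and the sample message is constructed to mirror the names in the avast alert with an inert text payload.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs directly (assumed list, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Document-like extensions used as the decoy first "type" (assumed list).
DECOY = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg", ".zip"}

def is_double_extension(name):
    """True when a name ends in <decoy>.<executable>, e.g. report.doc.exe."""
    path = PurePosixPath(name.replace("\\", "/"))
    suffixes = [s.strip().lower() for s in path.suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE and suffixes[-2] in DECOY

def scan_message(raw):
    """Return attachment names (and zip member names) that use the trick."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if is_double_extension(fname):
            hits.append(fname)
        if fname.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    # Only member names are read; nothing is extracted to disk.
                    hits += [f"{fname}\\{m}" for m in zf.namelist()
                             if is_double_extension(m)]
            except zipfile.BadZipFile:
                hits.append(f"{fname} (unreadable archive)")
    return hits

def build_sample():
    """Constructed message using the names from the alert; payload is inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Fees_2008-2009.doc.exe", b"inert placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "[Bulk] Statement of fees 2008/09"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Fees_2008-2009.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```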
I use Microsoft Outlook, and the warning came up as soon as the e-mail came in. It was junk mail, and I didn’t open it. I deleted the e-mail, then deleted it from my deleted items folder, but I’m still getting the ‘Warning - A Trojan Horse was found’ - it says recommended action delete, but when I click on delete, I get the message avast - the system cannot find the file specified. When I click on OK, I get the original virus message again straight away.
Well that one doesn’t look like it was detected on the way in as you should be able to delete it as the scanning takes place outside the email folders and only if you allow it would it end up in the Inbox .pst folder.
I don’t use Outlook or consequently the Outlook/Exchange provider.plug-in. I think that it may be scanning the archived messages when you open the Inbox, etc. (uncheck this option) and that could be the cause of the alerts.
is the AVAST outlook plug in activated? ( I do not use outlook) but if there is a setting move it to high
best Idea I see so far is to search for this in outlook folder and delete the regular way
you might want to backup/ copy your outlook files
Incidentally if this is still in an e-mail attachment and you have not clicked it is hard for it to hurt you
and the “do not scan archives” is xxxjust saw your postxxx WAS an answer till a better one comes along
so not to panic
Just in case this thing got loose
You might want to scan with an antispyware scanner (after backing up)
if w2k or later Malware bytes Anti Malware check any hits and Click REMOVE- a backup will be made
spybot search and destroy
Super Anti Spyware
quarantine any hits do not delete/remove
post logs with any hits without cookies
I didn’t open the mail or the attachment, just deleted it, and then deleted from my deleted items folder. I’ve checked all other folders, and it’s definitely gone, but I’m still getting the virus alert, and it’s still telling me it can’t find the file when I try to delete or move to the vault. It’s driving me mad.
Do the other steps
There are some nasties out there that come in out of the ether
or myspace, facebook, P2P, IM and other ways
we still think it’s there somewhere lurking
does outlook have a preview feature, was there a forward lots of ways
do not disable-reenable restore point now
http://forums.majorgeeks.com/showthread.php?t=35407
and go down the list
BUT look at the quarantine folders and see if anything is last few days or skip this till later unless it becomes a problem
do run the CCleaner part
post back after the scans previously mentioned in my other post
you can peek at the next appropriate page but please DO NOT RUN COMBOFIX on your own
I really prefer to have a backup and all virus and easy to get Antimalware gone first subsequent batch file preparation and recovery from any problems takes a real COMBOFIX expert- and that is not ME
there are other ways that work and are not as risky
We thrive on information, so what is the reported location, etc. ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
13/09/2009 18.18.03 SYSTEM 1972 Sign of ‘Win32.Fraudo[trj]’ has been found in Mail\Inbox<Subj: [Bulk] Statement of fees 2008/09>\Fees_2008-2009.zip\Fees_2008-2009.doc.exe[UP
you’ve searched your inbox and no such message
perhaps it’s in the index to the messages file- but it has to be somewhere
in a cache ( MS has that quick open thingie) or Temp
what I do know is that outlook and outlook express are delicate and you do NOT want to nuke things without someone Expert with Outlook to advise you
did OUTLOOK EDIT FIND MESSAGE (or message in this folder) find anything?
we’ll find it sooner or later but for now not to worry
what I am concerned about are these Friends all part of a Vundo or fraud 2008 infection
tt7.tmp.vbs - VBS:Malware-gen
.tt1.tmp.vbs - VBS:Malware-gen
agpqlrfm.exe - Win32: Vassup-BQ[Adw]
clbdll.dll - Win32:Vundrop[Drp]
kgxmotapktx.dllA- Vapsup-EB[Adw]
kvxqmtre.dll- Win32:Agent-LTS[trj]
qndsfmao.dll- Win32:Trojan-gen{Other}
xpa.exe- Win32:Fraudo[trj]
xpa_2008[1].exe- Win32:Fraudo32[trj] <<>>
I’d like to make sure none of them are around - hiding usually in Temp or the registry
That’s why I asked you to do the other scans
I’ll be really happy if you only have the one detect in an Outlook file
I had another virus come in, on a similar type e-mail this evening when I opened Outlook, and got the Avast warning, but instead of deleting as recommended I moved it to the vault, and that seems to have done the trick with that one, but I’m still getting the Avast warning for the original one.
Then you have to try and find it and importantly do as suggested compact the folders. An email like a file, when deleted doesn’t actually get deleted, but the file table reference to it gets deleted.
So the content of the email is still within the relevant .pst file, be that the inbox or deleted emails folder, just the reference to it is removed, compacting the folders actually removes the remnants.
ah compacting folders is a great idea
I left it off the list but one of these late malware infects the clipboard
so after compacting try a couple of those anti-malware scans and let’s find out if you’re clean
Late into this. I also have the same file:
\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Personal Folders\Top of Personal Folders\Deleted Items\Statement of fees 2008\09\Fees_2008-2009.zip\Fees_2008-2009.doc.exe
wondering if you’d be so kind as to explain in more detail how to go about “compacting the folders”
and a more general question: how serious a threat is the file left unopened.