system
1
Hello,
I’m not sure where to seek help so I’ll just ask here, if no one minds …
I run the Avast virus program and here’s what it found:
Virus name: JS:Zerolin-2 [Trj]
File name: C:\Documents and Settings\DANIEL\Application Data\Identities{586E5880-C6B0-11D8-AA3A-81F672F8F359}\Microsoft\Outlook Express\Inbox.dbx
VPS version: 0445-2, 11/04/2004
Avast can’t zero in on which email is infected so it only gives the option of deleting the entire inbox! I can’t do that!! Can someone please help ??
Thanks very much in advance,
~Daniel
system
2
Hi,
this detection was added to avast definitions on 07.09.2004
so if you remember (or look it up in avast reports/Logs or WIN’s Event-Log),
WHEN you first got this AV-alert first):
- try identify the mail by its date
- or move the recent mails (since Sep.04 or so) from the INBOX to various new, empty mail folders and narrow it down like this
- or try an OnlineScan with www.bitdefender.com → if mailscanning is enabled there, it MIGHT give you the Subject of the infected/suspicious mail
After you know which mail it is
→ delete it with avast Shield paused, empty mail-trash and Compress/compact/CleanUp all Mailfolders afterwards. Then reenable avast shield
btw: imho this wouldn’t have happened with avast mailscanner module enabled → why don’t you use this, if you use outlook ?
P.S.: It usually isn’t a good idea, to keep tons of mails together in the INBOX
P.P.S.: make sure you have all WindowsUpdates applied (including those for IE & outlook), disable mailpreview and auto-opening of attachments in outlook, if you wish to use this notoriously unsafe Mail-program

system
3
Thanks for your prompt reply. I really appreciate it! 
I tried bitdefender.com but it did not alert me to any viruses in my outlook account. ???
I pretty much tried all you said but nothing came of it …
I have all processes “active”, even the mail scanner …
Not sure what to do next tho … :-\
~Daniel
system
4
sivlee,
this might work (or might not)
Install Mozilla Thunderbird, and set it for text only (disable html for your emails)
Then use the import tool to transfer your inbox contents contacts etc., once you have done that, let avast! do it’s job.
system
5
- or move the recent mails (since Sep.04 or so) from the INBOX to various new, empty mail folders and narrow it down like this
What about this ?
how many emails do you have in your inbox ?
Hi inthewildteam,
what’s the point of this… ? ???
avast should still find the script-virus in the INBOX (this time TB’S Inbox); and he would still not know which mail it is…
system
6
If you absolutely don’t want to get rid of it by deleting the entire content of your inbox, there’s no safe solution.
And Who is right: get yourself another mailprogram to avoid this in the future. (no means to offend you!)
There are a lot of free, safe solutions like Pegasus, iScribe, Vivian and Gemail. (the last one however only in German language)
Please do yourself a favor and abandon OutlookExpress as soon as possible 
Fast
system
7
of course there is… splitting up the INBOX: tedious, but that should do it (see above)
of course: all WindowsUpdates incl those for IE & OE must be applied first
system
8
of course there is… splitting up the INBOX: tedious, but that should do it (see above)
of course: all WindowsUpdates incl those for IE & OE must be applied first
I see what you mean, wow this might take some time. It means moving each single mail one by one, am I correct ?
Would the on-acces scanner, in default mode, alarm him while moving the files around, or does he have to scan each folder separately ?
system
9
@ whocares
the offending message rendered in text only would show a page or so of nonsense text after the message making it easier to identify which one to delete?
system
10
Hi inthewildteam,
as far as I gathered from the JS/ZEROLIN-descriptions, it would not be complete nonsense with weird fancy characters, but script language; might not be easy for inexperienced users to tell this apart from rather harmless HTML-mails or so
Never having used Outlook, I’m not sure if you can open the OE-INBOX in a texteditor; is it not compressed… ?
but this would be a worthwhile approach, too (inbox-file should be COPIED first, not worked on the original)
@fast: not exactly, first move the messages from the last two month or so together in a new mailfolder and recheck (because this malware doesn’t really exist for so long)
