Trying to remove win32:mytob-nj

Hello,

I just ran an avast scan and it found win32:mytob-nj [wrm] in my Outlook backup.pst file. The file is too large to move to the chest. Can you please tell me how to remove this worm?

Thank you!

What avast version are you using, 4.8 or 5.0?

It is best not to scan these .pst files as trying to remove an infected email from it could corrupt the .pst file with the loss of access to all of the emails in it.

The detections should probably have given enough details on the email, subject, etc. to be able to open the backup (.pst) email folder and find the suspect/detected email (most certainly one with an attachment) and delete it manually within MS Outlook, then empty the Deleted emails folder and then compact the folder.

I’m running 4.8.

Regarding the scan, I am just running a normal “thorough scan” and assume that it must run through the .pst files as well. The funny thing is that I have my Outlook backed up on an external drive that is not connected to my laptop at the moment, so I guess the back up file avast found is something that my computer does automatically and locally, unknown to me.

I haven’t opened Outlook since the worm warning appeared in fear that my thousands of business contacts may receive an infected email from me. (I’m a layman when it comes to these things).

You would only be at risk if you opened that backup.pst file with Outlook and then opened the suspect email and ran the attachment. Even then avast’s resident on-access scanner (Standard Shield) would scream like a banshee blocking the running if you tried to execute it.

Especially since this is as you say “I have my Outlook backed up on an external drive that is not connected to my laptop at the moment,” even if it were connected the Outlook local back-up to the external source, the suspect email isn’t being run.

It is the Thorough scan and presumably you also scan archives (see ~~~ below), which forces avast to scan the backup.pst file.

So does this backup.pst file contain a complete copy of your Outlook emails?

Unfortunately I don’t use Outlook, so I can’t be a great deal of practical help with how it works and what it does in the way of backup, etc.

Thorough is also by its design very thorough (it scans all files) and perhaps a little overkill for routine use, where a Standard scan without archives should be adequate. Archive (zip, rar, etc.) files are by their nature inert, you need to extract the files and then you have to run them to be a threat. Long before that happens avast's Standard Shield should have scanned them and before an executable is run that is scanned.

I have only ever done a Thorough Scan with Archives once shortly after installation just to ensure a clean start state, but with XP for example avast will do a boot-time scan after installation if you select it, this I believe will be quicker and reasonably effective. Like everything in life things are a compromise.

I imagine that the backup on my external drive contains a complete copy of the emails because the backup file is huge (over 1GB). (I work with the press and receive oodles of emails with attachments, many which I file for later reference.) I’m not sure about this local copy that avast is finding on the C drive.

Since continuing to work as normal sounds like it will have no negative effect on my laptop or my contacts, I will proceed as normal with my work. Unless you think I should tackle removing the little bugger.

Your help has been much appreciated!

Me, I would be investigating:

  1. if I could mount (geek for open using ms outlook) the backup.pst file and see if you can’t find the infected email and delete it as I suggested earlier.

  2. How MS Outlook backs up the existing installation's emails, now if that is backing up to the backup.pst then you could see if it can be renamed to say backup_old.pst and see if Outlook would recreate the backup.pst file and backup your existing emails.

However, assumption is a bad thing when it comes to the possible loss of emails, so you have to be sure and not assume.

If all of this was important to me I would be learning how to backup my system to avoid any computer disaster, not just virus related. Hard disk imaging software is just one such option that can restore an exact image of what was on your disk when that image was taken. Done weekly it is a relatively simple task to restore the last backup image.