This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

PWS:HTML/Phish.QA malware

  • 2 cavab
  • 0 have this problem
  • 19 views
  • Last reply by kgw319

more options

Hi Thunderbird has been my go to app for email for years but in the last few years I find that in windows, it triggers MS defender quarantining PWS:HTML/Phish.QA. Apparently it tries to capture passwords. It seems to pop up a couple of times one after the other and then again maybe each hour or so. Microsoft help people when I asked them about this a year or two ago said just tag it for the anti virus software to ignore it. I was uneasy about that advice. I have solved it in the past by installing separate anti virus packages which seem to ignore it, but I would rather not deal with all that if possible. The offending file seems to be in a sent email folder in an imap folder so it comes up each time I do a new install on a windows machine.

Could someone point me in the right direction? Is it a matter of finding and deleting something in a sent mail folder? Probably more complicated than that . . .

Cheers, Ken

Hi Thunderbird has been my go to app for email for years but in the last few years I find that in windows, it triggers MS defender quarantining PWS:HTML/Phish.QA. Apparently it tries to capture passwords. It seems to pop up a couple of times one after the other and then again maybe each hour or so. Microsoft help people when I asked them about this a year or two ago said just tag it for the anti virus software to ignore it. I was uneasy about that advice. I have solved it in the past by installing separate anti virus packages which seem to ignore it, but I would rather not deal with all that if possible. The offending file seems to be in a sent email folder in an imap folder so it comes up each time I do a new install on a windows machine. Could someone point me in the right direction? Is it a matter of finding and deleting something in a sent mail folder? Probably more complicated than that . . . Cheers, Ken

All Replies (2)

more options

Just delete the offending email from the sent folder on the server. If it is an IMAP account and I think it is based on what you say then that will be the end of it forever.

more options

Thanks Matt, it is an IMAP account. Defender doesn't give me a link to a particular email, only to a profile folder which I think it probably a large folder. How can I identify which email it is?