Bitdefender found trojans in my Thunderbird Profiles
Thunderbird has been running slow and locking up frequently. I just completed a complete Bitdefender scan of my computer. It is reporting that there are Trojans and showing them in my TB profiles.
If I tell Bitdefender to clear it out, I get a message that says to manually delete the attachments from the email client but it doesn't tell me where they are.
How do I get rid of the trojans without loosing years worth of email messages?
From the log, I have a lot that look like this: C:\Users\Linda Dickinson\AppData\Roaming\Thunderbird\Profiles\vus1oehd.Linda-3\Mail\Local Folders\Archive.sbd\Darol.sbd\Darol-2021=>message 363719: [Date: 26 Mar 2021 01:40:23 -0700] [From: CHEN XIAOYU>info@chinaporousfilters.com] [Subject: Re:: PROFORMA INVOICE AND BANK DETAILS]=>[Subject: Re:: PROFORMA INVOICE AND BANK DETAILS][Date: 26 Mar 2021 01:40:23 -0700]=>INVOICE 25667833822..rar=>INVOICE 25667833822..exe Trojan.GenericKD.45974407
By a lot, I mean over 5K. I know I could run a search in thunderbird for that Subject line and delete them. But there are many many different subjects. The PROFORMA INVOICE one seems to be the vast majority of them though.
Svi odgovori (1)
I would have to ask, why bother?
Any attachment stored in Thunderbird is stored as plain text, not in a form where the included malware could activate. So in storage they are completely inert.
Should you choose to open the attachment, or save it, your antivirus product has already shown it can detect the virus/malware. So it will stop you or anyone else doing so at the time you interact with it.
The other side of that coin is you might want to try actually saving one of those attachments and see if bitdefender still thinks it is malware. False positives are common where some "malware" is concerned and suddenly finding thousands of preexisting malware infections in data that has been in storage on your system for more than 2 years sounds like a false positive really.
A google search for Trojan.GenericKD lists a lot of false positives. The malware tips web site shows the threat as Trojan.GenericKD is a heuristic detection designed to generically detect a Trojan Horse. Unfortunately heuristic detection are frequently false positives.
F-secure does offer that this is "A generic detection has identified a program or file that has code or behavior similar to trojans." I would suggest trying one of the "other" online virus scanners and see if you get the same result.