Can Opening a Folder Trigger a Trojan?
My Windows 10 computer has been infected with TrojanDownloader:JS/Nemucod. This is a particularly nasty infection that quickly downloads and installs other programs. Windows Defender - the anti-virus/anti-malware utility I'm using that is included with Windows 10 - is finding and attempting to deal with the infections, and it seems able to remove them temporarily...
...until I open a particular message folder in Thunderbird, after which I'm quickly alerted that the infections are back. I'm also alerted that they're back after I open Settings in Thunderbird for the email account associated with the folder.
There's a message in the folder - the most recent one - that I strongly suspect is the source of the problem. I'd like to delete the message and see if that helps, but Thunderbird crashes each time I left-click the message to select it and then either right-click and select Delete Message from the context menu or press the Delete key on the keyboard. I've tried this with the Message pane both open and closed (I pressed F8 to close it), but the result is the same. I've also tried deleting Trash folders in case they were corrupted, as described on https://support.mozilla.org/en-US/kb/cannot-delete-messages , but that didn't help.
From what I've read in the support forums, such as https://support.mozilla.org/en-US/questions/1210862 , I don't understand how I got the infection in the first place. I'm always careful with suspect emails, and I'm reasonably sure I didn't open the suspect message.
Have any of you dealt with anything like this?
Thanks!
Mitchell
Tutte le risposte (1)
The problem could have been downloaded via a browser and not necessarilly an email. The crashing could be because that virus is using a lot of computer memory and messing with all kinds of files and worse.
When you attempted to run AV software to locate and deal with that virus, did you start your computer in Safe Mode first? Exit all programs. Start your computer in 'Safe Mode' .
Create a new folder on desktop called 'Temp tb' Then start Thunderbird. select that 'particular message folder' Highlight all emails in folder. Right click on highlighted emails and choose 'Save as' Save as .eml files in the 'Temp tb' folder.
This saves each email as a single file. Then scan that new folder containing the .eml files. If all is ok, you will know it is not an email.
If it says one of those eml files is bad, then you will know which email is causing the issue. The AV should kill that bad eml file. Now locate and delete the the bad email in thunderbird folder. Finally, Right click on that particular message folder in Folder Pane and select 'Compact. This removes all marked as deleted emails. Empty the Trash.
Exit Thunderbird.
However, it is possible you accidentally downloaded that virus via a browser.
Now run a full scan on computer to detect and kill virus.