This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

trojan.phishing.mh

  • 6 replies
  • 1 has this problem
  • 1 view
  • Last reply by Matt

more options

Bitdefender 2019 Internet Security run a scan and advise a trojan is located in Thunderbird files: The specifc malware is Trojan.Phishing.MH and is located here: C:\Users\Rick\AppData\Roaming\Thunderbird\Profiles\4ttn729w.default\Mail\pop3.btconnect.com\Inbox=>(message 394)

I tried Malware bytes .. failed to detect or remove it ..... how can I remove this, can I delete specific message ?

Latest ver of Thunderbird on W10 64bit

Bitdefender 2019 Internet Security run a scan and advise a trojan is located in Thunderbird files: The specifc malware is Trojan.Phishing.MH and is located here: C:\Users\Rick\AppData\Roaming\Thunderbird\Profiles\4ttn729w.default\Mail\pop3.btconnect.com\Inbox=>(message 394) I tried Malware bytes .. failed to detect or remove it ..... how can I remove this, can I delete specific message ? Latest ver of Thunderbird on W10 64bit

Chosen solution

no the "number" is some sort of arbitrary thing invented by your anti virus product. As I took great pains to say, the email in question is probably already deleted. Did you compact and rescan to confirm it was gone or just come back with that question? I must ask as 35 minutes does not sound like long enough to do a full rescan especially as I doubt to you the message as soon as I posted and your reply took time to type.

Read this answer in context 👍 0

All Replies (6)

more options

One of the reasons we do not encourage scanning of mail is the "threats" are completely harmless. Thunderbird simply does not run the scripts that malware depends on in the mail client. So in the specific case of a phishing email then your only risk is in clicking the link and going to the web site it contains.

I would assume bit defender is scanning your web movements, so why raise a flag on something innocuous, Simply to make you think it is actually doing something is the primary reason and to reinforce your fears so you keep using their product. The anti virus/Security industry relies on consumer ignorance and the judicious use of fear mongering as their sales pitch. They really don't let the facts get in the way much at all.

In all probability the message refered to has been deleted but lingers on in the file because it has not been compacted as yet. SO you could try compacting as a method of getting rid of the useless message. (appmenu > File > compact folders)

more options

OK thanks for comments. Can I search for that particular email from its msg number ?

Would like to remove it if I can ... or it will throw up error every time it scans ...

more options

OK thanks for comments. Can I search for that particular email from its msg number ?

Would like to remove it if I can ... or it will throw up error every time it scans ...

more options

Chosen Solution

no the "number" is some sort of arbitrary thing invented by your anti virus product. As I took great pains to say, the email in question is probably already deleted. Did you compact and rescan to confirm it was gone or just come back with that question? I must ask as 35 minutes does not sound like long enough to do a full rescan especially as I doubt to you the message as soon as I posted and your reply took time to type.

more options

Yes I did compact ... and did rescan same error .. same message number, hence my question. I had done this earlier today when Infirst started seeing the issue. Had seen the comment to compact on a Google search.

more options

I would suggest creating an exception for the Thunderbird profile in bit defender so your stored email is not scanned. Then you will not get these messages.

Or you could delete all the mail one at a time until you locate whatever it is bit defender does not like. Or manually count to the 394 oldest email and hope it counts from oldest to newest and does not skip any.

Or you could ask bit defender how to locate the individual email they have identified in the file. After all it is their message you are responding to.