We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Bitdefender found trojans in my Thunderbird Profiles

  • 1 reply
  • 0 have this problem
  • 10 views
  • Last reply by Matt

more options

Thunderbird has been running slow and locking up frequently. I just completed a complete Bitdefender scan of my computer. It is reporting that there are Trojans and showing them in my TB profiles.

If I tell Bitdefender to clear it out, I get a message that says to manually delete the attachments from the email client but it doesn't tell me where they are.

How do I get rid of the trojans without loosing years worth of email messages?

From the log, I have a lot that look like this: C:\Users\Linda Dickinson\AppData\Roaming\Thunderbird\Profiles\vus1oehd.Linda-3\Mail\Local Folders\Archive.sbd\Darol.sbd\Darol-2021=>message 363719: [Date: 26 Mar 2021 01:40:23 -0700] [From: CHEN XIAOYU>info@chinaporousfilters.com] [Subject: Re:: PROFORMA INVOICE AND BANK DETAILS]=>[Subject: Re:: PROFORMA INVOICE AND BANK DETAILS][Date: 26 Mar 2021 01:40:23 -0700]=>INVOICE 25667833822..rar=>INVOICE 25667833822..exe Trojan.GenericKD.45974407

By a lot, I mean over 5K. I know I could run a search in thunderbird for that Subject line and delete them. But there are many many different subjects. The PROFORMA INVOICE one seems to be the vast majority of them though.

Thunderbird has been running slow and locking up frequently. I just completed a complete Bitdefender scan of my computer. It is reporting that there are Trojans and showing them in my TB profiles. If I tell Bitdefender to clear it out, I get a message that says to manually delete the attachments from the email client but it doesn't tell me where they are. How do I get rid of the trojans without loosing years worth of email messages? From the log, I have a lot that look like this: C:\Users\Linda Dickinson\AppData\Roaming\Thunderbird\Profiles\vus1oehd.Linda-3\Mail\Local Folders\Archive.sbd\Darol.sbd\Darol-2021=>message 363719: [Date: 26 Mar 2021 01:40:23 -0700] [From: CHEN XIAOYU>info@chinaporousfilters.com] [Subject: Re:: PROFORMA INVOICE AND BANK DETAILS]=>[Subject: Re:: PROFORMA INVOICE AND BANK DETAILS][Date: 26 Mar 2021 01:40:23 -0700]=>INVOICE 25667833822..rar=>INVOICE 25667833822..exe Trojan.GenericKD.45974407 By a lot, I mean over 5K. I know I could run a search in thunderbird for that Subject line and delete them. But there are many many different subjects. The PROFORMA INVOICE one seems to be the vast majority of them though.

All Replies (1)

more options

I would have to ask, why bother?

Any attachment stored in Thunderbird is stored as plain text, not in a form where the included malware could activate. So in storage they are completely inert.

Should you choose to open the attachment, or save it, your antivirus product has already shown it can detect the virus/malware. So it will stop you or anyone else doing so at the time you interact with it.

The other side of that coin is you might want to try actually saving one of those attachments and see if bitdefender still thinks it is malware. False positives are common where some "malware" is concerned and suddenly finding thousands of preexisting malware infections in data that has been in storage on your system for more than 2 years sounds like a false positive really.

A google search for Trojan.GenericKD lists a lot of false positives. The malware tips web site shows the threat as Trojan.GenericKD is a heuristic detection designed to generically detect a Trojan Horse. Unfortunately heuristic detection are frequently false positives.

F-secure does offer that this is "A generic detection has identified a program or file that has code or behavior similar to trojans." I would suggest trying one of the "other" online virus scanners and see if you get the same result.