[pchelpers] Re: bit defender 10 / thunderbird email #250

Hi Re-Na

> I ran bit defender 10 today on my vista laptop.
> It found an infected email in Thunderbird.  But it was not able to 
> delete it.  It gave me the location but said it was email #250.  No 
> subject was showing. It listed my profile.  But nothing like a subject 
> or 'from' to help me identify the email.  No viruses are on my computer 
> so apparently the email has an attachment and I've not opened the 
> attachment to infect the computer. 
> How can I find out which email in the inbox is #250?  Or other suggestions?

Many experts say that scanning emails with antivirus programs is not 
only completely senseless but that using them to delete infected emails 
causes much more damage to emails (and much more often) than any virus 
or malware ever does or did.

The reason email scanning is useless is because any malware that is "in" 
an email does not really exist as a real malware file (and is not at all 
active) unless you try to open the attachment or (rarely) the email 
itself, and the antivirus will prevent you from doing either anyhow, so 
there is no need to remove the "infected" email. If the idea of leaving 
such an email in your email program at first upsets you, it'll help you 
to realise that it's completely harmless in the sense that it's really 
only a recipe for malware, not malware itself. The email does not 
contain the malicious code as a real, executable file - all it contains 
is the conversion of the code into a text file full of letters and numbers.

Some antivirus programs only scan email but do not try to delete any 
because they know it can cause corruption and can destroy all your 
email, not just the "infected" one. Many AVs however do try to mess 
around in the stored emails, and these AVs are the main cause that many 
people suddenly lose entire folders or all their email. (Often the inbox 
or other folder is "only" moved into the AV's quarantine folder, which 
most users however do not know how to get back, but the folder is often 
corrupted and then hard or impossible to recover even for experts.)

If you want to nevertheless remove such an email containing a malware 
"recipe", you can do that safely by manually deleting it yourself in 
your email program. You said that the BitDefender scan report doesn't 
tell you the email subject but tells you the location, so do you know in 
what folder the email is? Since BitDefender stupidly doesn't use the 
message IDs in the Thunderbird text files (which are the contents of 
each folder) and instead apparently counts the emails, you have to do 
something like one or more of the following to find the "malicious 
recipe" email:

1) Try to find the 250th message in the folder after clicking on the 
"order received" column's heading. (If that's not visible, click on the 
little icon to the right of the column headings "sender, subject" etc. 
If it doesn't look suspicious, try the 250th from the other end.

2) Move half of the emails in the original folder A to a new folder B1 
and the other half into a new folder B2 and rescan with BitDefender. 
Move the emails in the folder that BitDefender now says is clean back 
into A. Take out half of the emails of the dirty folder (B1 or B2) that 
BD now says contains the baddy and put them in the other folder (B1 or 
B2) and repeat the process.

Even if you don't know the story about the inventor of the chess game 
and the king that ended up owing him more grain than existed in his 
kingdom, you will perhaps see that this process of dividing in half will 
surprisingly quickly locate the "infected" email, especially if you make 
BitDefender scan only folders B1 and B2.




-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: