Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

backdoor.breut somewhere in INBOX

  • 5 replies
  • 1 has this problem
  • 1 view
  • Last reply by LuSam

more options

Hiya all the dedicated Mozilla Support people,

The last 3 days, Symantec has been notifying me of finding a risk "Backdoor.Bruet" and specifies the file location:

C:\Users\Lucia\AppData\Roaming\Thunderbird\Profiles\jkwxs3ov.default\ImapMail\mail.stockwatch-1.com\INBOX>>Unknown033EABBB.data>>invoice,.rar>>invoice,\

The INBOX is a Thunderbird file that I do not know how to access (except through Thunderbird of course).

Symantec identifies and LOGS the risk, but then does the LEAVE ALONE option and is Remediation Status is UNSUCCESSFUL - CLEAN SECURITY RISK FAILED. QUARANTINE FAILED.

I have been up and down my 1000s of emails, and have not been able to find the culprit email, so have not deleted it yet. I am not keen on deleting the INBOX file, but am willing to try. I am using the IMAP function, so the email may be on our email server too.

Please advise how I might locate the infected email and remove Backdoor.Bruet from my computer. Also, please advise if this might have infected my iPhone 5s as I use it for emails too.

Thanks Mozilla Support Community!

PS. I love Thunderbird and Firefox. Best email and web tools ever! PPS. My image is not uploading, but I have several. I will post this question to proceed. I have screen shots, if needed.

Hiya all the dedicated Mozilla Support people, The last 3 days, Symantec has been notifying me of finding a risk "Backdoor.Bruet" and specifies the file location: C:\Users\Lucia\AppData\Roaming\Thunderbird\Profiles\jkwxs3ov.default\ImapMail\mail.stockwatch-1.com\INBOX>>Unknown033EABBB.data>>invoice,.rar>>invoice,\ The INBOX is a Thunderbird file that I do not know how to access (except through Thunderbird of course). Symantec identifies and LOGS the risk, but then does the LEAVE ALONE option and is Remediation Status is UNSUCCESSFUL - CLEAN SECURITY RISK FAILED. QUARANTINE FAILED. I have been up and down my 1000s of emails, and have not been able to find the culprit email, so have not deleted it yet. I am not keen on deleting the INBOX file, but am willing to try. I am using the IMAP function, so the email may be on our email server too. Please advise how I might locate the infected email and remove Backdoor.Bruet from my computer. Also, please advise if this might have infected my iPhone 5s as I use it for emails too. Thanks Mozilla Support Community! PS. I love Thunderbird and Firefox. Best email and web tools ever! PPS. My image is not uploading, but I have several. I will post this question to proceed. I have screen shots, if needed.

All Replies (5)

more options

Chosen Solution

more options

UPDATE: I am continuing to investigate and have found the INBOX file and another blog suggested opening it with a text editor, which I did. I think I have found the offending email text (boy is it 1000's of lines long with alot of MIME gibberish to hide in). Interestingly, the original email has already been deleted, but the "content" of the email remains in the INBOX file. So, I guess this is what Symantec is finding.

Question: Can I delete the offending lines from my INBOX file without losing my other emails?

Now I'm finished for the day and will take a look at this thread tomorrow.

more options

That sounds promising Matt! Thank you. I will try that first thing in the morning. I have to catch a train...

more options

It is not only promising, based on the extra information you posted it will fix the issue once and for all.

more options

Thanks Matt! Using Compact folder on my INBOX in Thunderbird, did in fact clean out the orphaned text of the deleted email that was causing the Virus found warning. My new scan was clean.

I will adjust my settings to "compact" my Thunderbird folders more often now that I know about it.

Nice to have solved this fairly easily.

Thanks again.