Przeszukaj pomoc

Unikaj oszustw związanych z pomocą.Nigdy nie będziemy prosić Cię o dzwonienie na numer telefonu, wysyłanie SMS-ów ani o udostępnianie danych osobowych. Zgłoś podejrzaną aktywność, korzystając z opcji „Zgłoś nadużycie”.

Więcej informacji

Trojans Threat Alerts when Thunderbird is Opened

  • 1 odpowiedź
  • 1 osoba ma ten problem
  • 1 wyświetlenie
  • Ostatnia odpowiedź od Stans

more options

I started having a problem yesterday where if I have Thunderbird open, I continue to get numerous 'Threat Found' notifications from Windows Defender regarding 2 Trojan viruses.

  • Trojan:Script/Wacatac.B!ml
  • TrojanDownloader:Win32/Nemucod!ml

Below I've included the file paths for 'Affected Files'.

If I uninstall Thunderbird completely, run the virus scans / clean laptop and then re-install Thunderbird, will that help the situation? What about my actual email service? I've already changed my password but I don't how these files arrived (I don't know from which email) and so looking at header for IP to block isn't a useful setup (yet). Given the file paths (see below), are these coming in via email and how do I stop it if I don't know which emails they are coming in on, specifically the part1788:Package.zip files.

Here's what I've noticed: 1. Once I close Thunderbird and finish running removal and scans with Windows defenders, the Threat notifications stop. As soon as I open Thunderbird, the notifications start up again.

2. Yesterday, emails I sent late in the day had attachments such as part2.YaqiOQSc.bq3wtLf4 . Does this mean that I am now passing on infected files?! See uploaded image for an example of these attachments.

Help please!!

Affected items: file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part5063:Your-Generated-Divi-child-theme-template-by-DiviCake.zip)

file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part8412:cf7-lasso-v1.2.zip)

file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part1788:Package.zip)

file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part1793:FP.zip)

I started having a problem yesterday where if I have Thunderbird open, I continue to get numerous 'Threat Found' notifications from Windows Defender regarding 2 Trojan viruses. * Trojan:Script/Wacatac.B!ml * TrojanDownloader:Win32/Nemucod!ml Below I've included the file paths for 'Affected Files'. If I uninstall Thunderbird completely, run the virus scans / clean laptop and then re-install Thunderbird, will that help the situation? What about my actual email service? I've already changed my password but I don't how these files arrived (I don't know from which email) and so looking at header for IP to block isn't a useful setup (yet). Given the file paths (see below), are these coming in via email and how do I stop it if I don't know which emails they are coming in on, specifically the part1788:Package.zip files. Here's what I've noticed: 1. Once I close Thunderbird and finish running removal and scans with Windows defenders, the Threat notifications stop. As soon as I open Thunderbird, the notifications start up again. 2. Yesterday, emails I sent late in the day had attachments such as part2.YaqiOQSc.bq3wtLf4 . Does this mean that I am now passing on infected files?! See uploaded image for an example of these attachments. Help please!! ************ Affected items: file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part5063:Your-Generated-Divi-child-theme-template-by-DiviCake.zip) file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part8412:cf7-lasso-v1.2.zip) file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part1788:Package.zip) file: C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release\ImapMail\secure.emailsrvr.com\INBOX->(part1793:FP.zip)
Załączone zrzuty ekranu

Wszystkie odpowiedzi (1)

more options

The path C:\Users\[name]\AppData\Roaming\Thunderbird\Profiles\r4uh2f0v.default-release is for your Thunderbird profile folder. See Profiles - Where Thunderbird stores your messages and other user data

As for the infected items, why don't you search for them in Thunderbird using their file names then delete? You've got: Your-Generated-Divi-child-theme-template-by-DiviCake.zip cf7-lasso-v1.2.zip Package.zip FP.zip

Use Thunderbird's (global) search. You should add the profile folder to Defender's exclusions to avoid conflict. You can't have Thunderbird and Defender fighting for control over files that are used for Thunderbird's normal functioning.