Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Este fío arquivouse. Faga unha nova pregunta se precisa axuda.

MS Defender found a trojan in my profiles, have a few questions.

  • 5 respostas
  • 0 have this problem
  • 278 views
  • Last reply by w2dsx

w2dsx
w2dsx
more options

Greetings! MS Defender found a trojan (TrojanDownloader:Win32/Nemucod!ml) in my profiles. A family member let Defender "remove" it, while I would've left it alone and then come here to isolate it or somehow bottle it up.

My questions are this. Was this from an email stored in Thunderbird, or was it from something one of my kids opened up? And second, I'm guessing Defender did damage in removing it and my Tbird is now corrupt. If it is, should I do a back up emails, remove the program and re-install? Could this have been a false positive?

Thanks in advance!

messages posted by Defender as to where the trojan was: file: C:\Users\Computer\AppData\Roaming\Thunderbird\Profiles\9c9oqfbp.default\Mail\pop.optonline.net\Inbox->(part56947:Statment-459685.html) file: C:\Users\Computer\AppData\Roaming\Thunderbird\Profiles\9c9oqfbp.default\Mail\pop.optonline.net\Inbox->(part56589:Statment-2564896.html)

Greetings! MS Defender found a trojan (TrojanDownloader:Win32/Nemucod!ml) in my profiles. A family member let Defender "remove" it, while I would've left it alone and then come here to isolate it or somehow bottle it up. My questions are this. Was this from an email stored in Thunderbird, or was it from something one of my kids opened up? And second, I'm guessing Defender did damage in removing it and my Tbird is now corrupt. If it is, should I do a back up emails, remove the program and re-install? Could this have been a false positive? Thanks in advance! messages posted by Defender as to where the trojan was: file: C:\Users\Computer\AppData\Roaming\Thunderbird\Profiles\9c9oqfbp.default\Mail\pop.optonline.net\Inbox->(part56947:Statment-459685.html) file: C:\Users\Computer\AppData\Roaming\Thunderbird\Profiles\9c9oqfbp.default\Mail\pop.optonline.net\Inbox->(part56589:Statment-2564896.html)

Chosen solution

I have to reload Tbird and was wondering will I lose my account settings and old emails?

You'd be wasting your time re-installing Thunderbird. All your data such as messages, passwords and user preferences, and changes made while you use Thunderbird, are stored in a special folder called a profile. Your profile folder is stored in a separate place from the Thunderbird program, so that if something ever goes wrong with Thunderbird your information will still be there. It also means that you can uninstall Thunderbird and reinstall without losing your settings and data. It also means you don't have to re-install Thunderbird in order to fix a problem with the profile.

Should I attempt a backup?

It never hurts to create a backup. However, if the damage is already done, a backup at this time won't help you restoring anything that got lost already. If you do have a backup created prior to the incident you can restore that.

For the future, these are some generic suggestions to avoid problems with anti-virus software.

Create an exception in your anti-virus software for the Thunderbird profile folder, so that the anti-virus real-time scanner will not scan it. https://support.mozilla.org/en-US/kb/profiles-where-thunderbird-stores-user-data#w_how-to-find-your-profile

Don't let your anti-virus software scan incoming and outgoing messages.

Don't let your anti-virus software scan attachments.

Don't let your anti-virus software intercept your secure connection to the server.

Remove any add-ons your anti-virus software may have installed in Thunderbird.

Keep it working. http://kb.mozillazine.org/Keep_it_working_-_Thunderbird

And last but not least, backup your Thunderbird profile on a regular basis. https://support.mozilla.org/kb/profiles-where-thunderbird-stores-user-data#w_backing-up-a-profile

Ler a resposta no contexto 👍 1

All Replies (5)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Judging from the report, it looks like some bad attachments in the Inbox file. Is the Inbox file still there? Is it still enormous? I don't know whether Defender knows how to cleanly excise individual attachments (or messages with attachments) from mailbox files, but the reference to a "part" is promising. (I definitely don't have any personal experience with it.)

w2dsx
w2dsx Question owner
more options

Inbox is still there, it is still slow (but not as bad as it was when Defender found it) and doesn't unload from the server. I went back and checked for attachments or the email that may have done it, but couldn't find it or what's on the servers for each account. We have been getting bombarded by spam, all from gmail accounts and one address that references Collegevine. My collegiate has no idea how they got our email thought.

Anyways, I have to reload Tbird and was wondering will I lose my account settings and old emails? Should I attempt a backup? And thanks for getting back to me!

Best regards!

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

I'm no expert on cleaning up a slow Inbox. Hopefully when more people are online tomorrow you'll get some good tips.

christ1
christ1
  • Top 25 Contributor
more options

Chosen Solution

I have to reload Tbird and was wondering will I lose my account settings and old emails?

You'd be wasting your time re-installing Thunderbird. All your data such as messages, passwords and user preferences, and changes made while you use Thunderbird, are stored in a special folder called a profile. Your profile folder is stored in a separate place from the Thunderbird program, so that if something ever goes wrong with Thunderbird your information will still be there. It also means that you can uninstall Thunderbird and reinstall without losing your settings and data. It also means you don't have to re-install Thunderbird in order to fix a problem with the profile.

Should I attempt a backup?

It never hurts to create a backup. However, if the damage is already done, a backup at this time won't help you restoring anything that got lost already. If you do have a backup created prior to the incident you can restore that.

For the future, these are some generic suggestions to avoid problems with anti-virus software.

Create an exception in your anti-virus software for the Thunderbird profile folder, so that the anti-virus real-time scanner will not scan it. https://support.mozilla.org/en-US/kb/profiles-where-thunderbird-stores-user-data#w_how-to-find-your-profile

Don't let your anti-virus software scan incoming and outgoing messages.

Don't let your anti-virus software scan attachments.

Don't let your anti-virus software intercept your secure connection to the server.

Remove any add-ons your anti-virus software may have installed in Thunderbird.

Keep it working. http://kb.mozillazine.org/Keep_it_working_-_Thunderbird

And last but not least, backup your Thunderbird profile on a regular basis. https://support.mozilla.org/kb/profiles-where-thunderbird-stores-user-data#w_backing-up-a-profile

w2dsx
w2dsx Question owner
more options

Apparently someone in my family had this issue recently and I missed how it was dealt with that last Trojan. Despite doing the slow search in Defender and then a Bitdefender malware search, I wonder how clean the computer is. Anyways, the cure to my Thunderbird hanging at start-up was a very simple safe mode restart. Doing that just once and letting it compact a couple of times has it running like a top. Thanks to all who responded!

w2dsx modificouno o