Posted 13 October 2008 - 02:13 PM
I've been researching the problem of how to get worms out of Outlook Express's dbx files (or the Thunderbird equivalent) for a long time without finding a good answer. What I know so far is that if you can get an email that has a worm into the trash, empty the trash, run CCleaner to empty the recycle bin and then compress Outlook Express's trash folder (or all folders), then the worm will no longer show up in an antivirus scan. BitDefender's online scan is good at picking up some of these worms. Once in a while, BitDefender will give some hint of text or a date or some piece of information that will help to identify which email is infected, but generally it identifies the emails by number and this number cannot be identified, if I understood correctly, because Microsoft will not allow the identification of the email numbers by associating them with their corresponding date or subject line.
That is, if an infected email is found in the Inbox, it will say that email 967 is infected; however, there seems to be no program which allows you to identify email 967 in such a way that it can be deleted directly from the Inbox.
If you circumvent Outlook Express's program and go directly to the Inbox file in Windows Explorer, there may be a way to identify approximately where this email is located by using some of the information offered on occasion by BitDefender, like ... The Garden of Eden is part of the email text body. However, deleting an email directly from the dbx file itself can render the dbx file unreadable.
On one occasion I was able to play with the inbox file in which BitDefender had identified a worm. The worm was not active for several years, so I thought it was probably in an attachment that had never been opened; nevertheless, I couldn't figure out which email it was. So I copied the inbox.dbx file and deleted half of the contents and had BitDefender scan the remainder. There was no worm found, indicating the worm was in the other half of the inbox.dbx file. So I had BitDefender scan the other half of the contents, and no worm was found in that half either. I thought I must have accidentally cut the infected file through the middle, so I removed the upper and lower 10% of the file so BitDefender would have the complete middle of the inbox.dbx file to scan, and it didn't find the worm in that case either. I had it scan the complete inbox.dbx file and there was the worm.
Although these worms usually stay inactive, one of them in the trash got going and achieved something like 64,000 files. Dealing with the trash was no problem. I simply emptied it, compressed it and rescanned it, and the worm was gone. However, the two inactive worms in the inbox file don't wish to be identified, and neither can I simply delete the entire inbox folder without losing a lot of valuable emails.
Has anyone else encountered this problem of infected emails being identified by a number that is not associated with either a date or a subject line? Any thoughts on this?