Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Have an infected e-mail - but which one?


  • Please log in to reply
4 replies to this topic

#1 faster

faster

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:02:28 PM

Posted 19 March 2012 - 04:44 PM

I don't know what to do. Clamwin just found this in my Thunderbird Inbox:
Phishing.Email.SpoofedDomain FOUND

There appears to be no way to scan a single piece of e-mail. I can select the Inbox folder and scan them all, but it doesn't tell me WHICH piece of e-mail is infected, and there are about 75 of them.

If I tell it to quarantine, I'll lose ALL the mail.

What I WANT to do is find the infected e-mail and then have Spybot's Secure Shredder eradicate it.

I tried moving all my mail to a new folder I created. The infection traveled with them. I had thought it might be attached to the Inbox itself, rather than a piece of mail. Now I know it IS on a piece of mail, but I don't know which one! The scanner only tells me the infection is in a folder, either Inbox or SavedInbox. But not WHICH piece.

Meanwhile, I've made Outlook Express my default, till I can get rid of this thing.

What should I do?

BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:28 PM

Posted 19 March 2012 - 07:01 PM

Good evening. :)

Assuming that it isn't a Clamwin false-positive, which does happen from time to time, it looks like you have recieved an email with a dodgy link in it. If you don't click that link, you don't have any problem. Personally i'd just ignore the issue, but if you don't want to:

Create a new folder and move half of your emails into it.
Scan with Clamwin and when it tells you what folder the infected email is in, create a new folder and move half of those emails into it and scan again and so on.
You should be able to identify the naughty one in half a dozen goes and then delete it.

So long, and thanks for all the fish.

 

 


#3 faster

faster
  • Topic Starter

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Local time:02:28 PM

Posted 20 March 2012 - 01:12 PM

You just outdid me with smart! I had the same idea, but thought I'd have to do it one by one. Your idea's much better. Still a bit laborious, but definitely less so.

Thanks!

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:28 PM

Posted 20 March 2012 - 03:40 PM

You just outdid me with smart!

I was bluffing! :whistle:

I'd like to claim credit for the idea, but it's just http://en.wikipedia.org/wiki/Binary_search_algorithm applied to your situation.

So long, and thanks for all the fish.

 

 


#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:28 PM

Posted 25 March 2012 - 01:41 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users