TR/Phish.Paylap.R.1 infected my Thunderbird Mailbox

  • Thread starter Thread starter Benjamin Herbert
  • Start date Start date
B

Benjamin Herbert

Hey there,

Antivir states that my local mailbox folder is infected.

The following message opens if I want to access my Inbox via Thunderbird.

***

C:\DOKUMENTE UND
EINSTELLUNGEN\BENJAMIN\ANWENDUNGSDATEN\THUNDERBIRD\PROFILES\X72UPZ2N.DEFAULT\MAIL\MAIL.BOXNAME.DE\INBOX

Ist das Trojanische Pferd TR/Phish.Paylap.R.1.
Diese Datei ist ein E-Mail Ordner der nicht gelöscht oder verändert
werden darf.

***

I am very confused because this folder doesn't even exist...

I deleted every unknown message in that folder whith an attachment,
compressed it and emptied the junkbox and the trashbox...

Did anyone have this problem and can help me out?

Yours,
Benjamin Herbert
 
Benjamin Herbert said:
Hey there,

Antivir states that my local mailbox folder is infected.

The following message opens if I want to access my Inbox via Thunderbird.

***

C:\DOKUMENTE UND EINSTELLUNGEN\...\INBOX

Ist das Trojanische Pferd TR/Phish.Paylap.R.1.
Diese Datei ist ein E-Mail Ordner der nicht gelöscht oder verändert
werden darf.

***

I am very confused because this folder doesn't even exist...
Click to expand...

It probably does - you just can't navigate (browse) to it. Try
explicitly placing the path to it in the address pane of your file
browser.
I deleted every unknown message in that folder whith an attachment,
compressed it and emptied the junkbox and the trashbox...
Click to expand...

From the name, it appears to be a PayPal phishing attempt - probably a
URL and not an attachment at all.

I'll see what I can find on it (I'm bored) :)
 
It probably does - you just can't navigate (browse) to it. Try
explicitly placing the path to it in the address pane of your file
browser.


From the name, it appears to be a PayPal phishing attempt - probably a
URL and not an attachment at all.

I'll see what I can find on it (I'm bored) :)
Click to expand...

The detection covers the body of the email, the HTML. Just disable
antivirus, open thunderbird and clean out email which you don't need.
Dont forget to dump junk mail and trash folders. You can reenable
antivirus when you have cleaned it out.
 
Ian JP Kenefick said:
The detection covers the body of the email, the HTML. Just disable
antivirus, open thunderbird and clean out email which you don't need.
Dont forget to dump junk mail and trash folders. You can reenable
antivirus when you have cleaned it out.
Click to expand...

I don't have the problem, the OP does. :)

He may be able to determine which e-mail it is by using the find utility
to search the inbox for "PayPal" or some other fairly unique wording in
these phish e-mails - but I was unable to find anything to search on
though I'm sure "paypal" would be mentioned in a paypal phish e-mail.
 
It really doesn't exist.

I tried that but at first had no success. I had to clean out the entire
file "Junk"
A harsh, but working method..maybe a little to fast to study the problem.

Thanks for your fast help!

Benjamin Herbert
 
I tried that but at first had no success. I had to clean out the entire
file "Junk"
A harsh, but working method..maybe a little to fast to study the problem.

Thanks for your fast help!

Benjamin Herbert
Click to expand...

I'm glad I could help :=) There is plenty if information on my
website. I think lots of people have a similar issue to you. I will
add an article to the website which will cover this problem. Maybe you
can redirect persons with this issue to the website then.
 
I'm glad I could help :=) There is plenty if information on my
website. I think lots of people have a similar issue to you. I will
add an article to the website which will cover this problem. Maybe you
can redirect persons with this issue to the website then.
Click to expand...

Update! I added a new page with instructions on how to disinfect an
infected email database. The link is in the page below.
 
Back
Top