Thunderbird infected?

Discussion in 'Firefox' started by BlackNikon, Jan 24, 2009.

  1. BlackNikon

    BlackNikon Guest

    I am using Thunderbird dutch Versie 2.0.0.19 (20081209).

    Yesterday the firewall of Norman Suite gave a warning on an outgoing
    process:

    application AntiSpyware Definition Update
    C:\Program files\Mozilla Thunderbird\thunderbird.exe
    external adres 213.0.3.24
    external port 110 POP3- Post Office Protocol

    I refused this activity, but I don´t like my system to be infected,
    whilst using Norman Suite, Prevx Edge, etc.

    I remember I got an email from a wellknown person, but send by
    reunion.com. I didn´t open the email, but I infact allowed the html
    pictures to be loaded and there it went wrong.
    Around the same date of 4 jan I got an update of Thunderbird and I
    remember that the update procedure didn´t work smoothly.

    How can I remove this spyware, which I suppose installs a plugg in
    into Thunderbird, because none of my 3 scanners finds anything?
    Is it possible to get rid of it by uninstalling and reinstalling
    Thunderbird? Can I save my settings and import the mailboxes of Thunderbird.

    Hope somebody can help me a little bit=

    Best regards,

    Eric
     
    BlackNikon, Jan 24, 2009
    #1
    1. Advertising

  2. BlackNikon wrote:
    > I am using Thunderbird dutch Versie 2.0.0.19 (20081209).
    >
    > Yesterday the firewall of Norman Suite gave a warning on an outgoing
    > process:
    >
    > application AntiSpyware Definition Update
    > C:\Program files\Mozilla Thunderbird\thunderbird.exe
    > external adres 213.0.3.24
    > external port 110 POP3- Post Office Protocol
    >
    > I refused this activity, but I don´t like my system to be infected,
    > whilst using Norman Suite, Prevx Edge, etc.
    >
    > I remember I got an email from a wellknown person, but send by
    > reunion.com. I didn´t open the email, but I infact allowed the html
    > pictures to be loaded and there it went wrong.
    > Around the same date of 4 jan I got an update of Thunderbird and I
    > remember that the update procedure didn´t work smoothly.
    >
    > How can I remove this spyware, which I suppose installs a plugg in
    > into Thunderbird, because none of my 3 scanners finds anything?
    > Is it possible to get rid of it by uninstalling and reinstalling
    > Thunderbird? Can I save my settings and import the mailboxes of Thunderbird.
    >
    > Hope somebody can help me a little bit=
    >
    > Best regards,
    >
    > Eric


    first, a lesson: all your mail, passwords, settings,
    etc, are stored in an area called the TB profile. This
    profile is kept separate from the program. When you
    uninstall, all you're doing is removing the program.
    The profile is not touched. So, if you've received an
    infected email, then the email is in the profile.
    Therefore, if you uninstall and you're just removing
    the program, then when you reinstall, the infection
    will still be there.

    My suggestion: you're probably not infected. Norton is
    notorious for giving false positives, expecially
    towards TB. I would get another program.

    --
    *IMPORTANT*: Sorry folks, but I cannot provide email
    help!!!!

    Warning: Private emails sent to me may become public

    Peter Potamus & His Magic Flying Balloon:
    http://melaman2.com/cartoons/singles/mp3/p-potamus.mp3
    http://www.toonopedia.com/potamus.htm
     
    Peter Potamus the Purple Hippo, Jan 24, 2009
    #2
    1. Advertising

  3. BlackNikon

    Guest

    On Fri, 23 Jan 2009 18:23:04 -0800, Peter Potamus the Purple Hippo
    <> wrote:

    >BlackNikon wrote:
    >> I am using Thunderbird dutch Versie 2.0.0.19 (20081209).
    >>
    >> Yesterday the firewall of Norman Suite gave a warning on an outgoing
    >> process:
    >>
    >> application AntiSpyware Definition Update
    >> C:\Program files\Mozilla Thunderbird\thunderbird.exe
    >> external adres 213.0.3.24
    >> external port 110 POP3- Post Office Protocol
    >>
    >> I refused this activity, but I don´t like my system to be infected,
    >> whilst using Norman Suite, Prevx Edge, etc.
    >>
    >> I remember I got an email from a wellknown person, but send by
    >> reunion.com. I didn´t open the email, but I infact allowed the html
    >> pictures to be loaded and there it went wrong.
    >> Around the same date of 4 jan I got an update of Thunderbird and I
    >> remember that the update procedure didn´t work smoothly.
    >>
    >> How can I remove this spyware, which I suppose installs a plugg in
    >> into Thunderbird, because none of my 3 scanners finds anything?
    >> Is it possible to get rid of it by uninstalling and reinstalling
    >> Thunderbird? Can I save my settings and import the mailboxes of Thunderbird.
    >>
    >> Hope somebody can help me a little bit=
    >>
    >> Best regards,
    >>
    >> Eric

    >
    >first, a lesson: all your mail, passwords, settings,
    >etc, are stored in an area called the TB profile. This
    >profile is kept separate from the program. When you
    >uninstall, all you're doing is removing the program.
    >The profile is not touched. So, if you've received an
    >infected email, then the email is in the profile.
    >Therefore, if you uninstall and you're just removing
    >the program, then when you reinstall, the infection
    >will still be there.
    >
    >My suggestion: you're probably not infected. Norton is
    >notorious for giving false positives, expecially
    >towards TB. I would get another program.


    I'm getting an occasional similar alarm from Zone Alarm 8.0 Free
    Firewall. Just began a few weeks ago. However I just get a URL and
    no reference to a POP server. And it is telling me T-Bird wants to act
    as a server, not just access the internet which it already has
    standing permission to do.

    These alerts do not correlate to a time when I am even interacting
    with Thunderbird.
     
    , Jan 25, 2009
    #3
  4. Ed Mullen wrote:
    > Peter Potamus the Purple Hippo wrote:
    >> wrote:
    >>
    >>> I'm getting an occasional similar alarm from Zone Alarm 8.0 Free
    >>> Firewall. Just began a few weeks ago. However I just get a URL and
    >>> no reference to a POP server. And it is telling me T-Bird wants to act
    >>> as a server, not just access the internet which it already has
    >>> standing permission to do.
    >>>
    >>> These alerts do not correlate to a time when I am even interacting
    >>> with Thunderbird.

    >>
    >> yes! With ZA you will get 2 types of alerts. One is a normal alert
    >> -- that TB wants to access the internet, and the other is TB wants to
    >> "act as a server" alert. Just say yes to both. ZA is different than
    >> other firewalls, and insists on this "server" crap. Its just normal,
    >> and nothing to worry about.
    >>
    >> And, with ZA 7 and 8, sometimes it drops your "remember" settings, and
    >> asks you again. Its very irritating at times. Its not a problem with
    >> TB, but rather ZA.
    >>

    >
    > I haven't had any such problems with ZA Pro (using SeaMonkey, not TB).
    > Yes, I know, YMMV. Still, don't be so quick to condemn a product. This
    > is complex stuff and there is an infinite number of configurations.


    as you said Ed, YMMV. I get it all the time with
    SeaMonkey and Thunderbird. Then again, I'm using ZA Free.

    --
    *IMPORTANT*: Sorry folks, but I cannot provide email
    help!!!!

    Warning: Private emails sent to me may become public

    Peter Potamus & His Magic Flying Balloon:
    http://melaman2.com/cartoons/singles/mp3/p-potamus.mp3
    http://www.toonopedia.com/potamus.htm
     
    Peter Potamus the Purple Hippo, Jan 25, 2009
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. JM

    Re: Windows registry infected?

    JM, Jul 10, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    1,164
  2. °Mike°

    Re: What is infected file EGDHTML_1017.dll?

    °Mike°, Aug 15, 2003, in forum: Computer Support
    Replies:
    4
    Views:
    550
    °Mike°
    Aug 17, 2003
  3. wylbur37

    How do you know you didn't get infected by Swen?

    wylbur37, Nov 17, 2003, in forum: Computer Support
    Replies:
    28
    Views:
    823
    M Mullen
    Nov 28, 2003
  4. Fatfreek

    WUPDTMGR.EXE infected says McAfee?

    Fatfreek, Nov 18, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    516
    °Mike°
    Nov 18, 2003
  5. Doug Fox
    Replies:
    10
    Views:
    746
    donutbandit
    Feb 28, 2004
Loading...

Share This Page