Re: Trojan/Virus detected in Outlook2002 pst folder

From: LuckyStrike (LS_at_smokedamagedfurniture.youcandriveitawaytoday.com)
Date: 01/23/04 

Date: Fri, 23 Jan 2004 15:31:00 -0700

Hi Sandi!

They only error message is the typical message box that commonly appears
that says "Microsoft Internet Explorer has encountered a problem and needs
to close" - "if you were in the middle of something the information you were
working on might be lost". Yadda-yadda blah.

How does one "see", access and identify the good from the bad and "cut
around it" so to speak? The Pst files/folders are normally not viewable
except as mail or folders in Outlook, if I understand correctly.

I have run a variety of On-Line scans: Kapersky, Ravantantivirus, Command on
Demand, TrendMicro, Panda. None have detected a thing. BUT, the reason I
"believed" BitDefender is because when there was the spate of virus
attachments being sent to the NG's a while back, BitDefender was the only
one to "see and detect" them in my OE .Dbx identity folders. It couldn't
clean it though, and I had to delete those identity Dbx folders.

Incidentally, none of the messages in question that are suspected as being
infected have a .pif file as an attachment.

Best Regards, 

-- 
LuckyStrike
LS@smokedamagedfurniture.youcandriveitawaytoday.com
--------------------------------------------------------------------
"Sandi - Microsoft MVP" <sandi_hardmeier@mvps.org> wrote in message
news:ewmRwSa4DHA.2168@TK2MSFTNGP12.phx.gbl...
> I would prefer information about the error message from IE before taking
> things any further. Please provide.
>
> In any event, I note that Delwin infects *.exe files; deleting or creating
a
> new pst may not be sufficient, depending on whether the virus has been
> activated.  Delwin apparently uses a *.pif file so you would have to click
> on an attachment to active the virus. I don't think its necessary to
create
> a new PST folder and "move or copy good data". If you can identify the
"good
> data" you can just delete the bad from the original PST and avoid messing
> around.
>
> I would use an online scanner such as that provided by Trendmicroto
confirm
> infection.
>
> -- 
> _______________________________________
> Sandi - Microsoft MVP since 1999 (IE/OE)
> http://www.mvps.org/inetexplorer
>
>
> "LuckyStrike" <LS@smokedamagedfurniture.youcandriveitawaytoday.com> wrote
in
> message news:eMxD3AU4DHA.1936@TK2MSFTNGP12.phx.gbl...
> >I ran BitDefender in-line virus scan and it detected a delwin.Z RAT in
one
> > (or more ) of my received mail messages. The program has apparently
> > detected
> > it in the outlook 5.pst and the Outlook 5 backup.pst. The on-line
scanner
> > usually fails right after the detection, and the "IE has encountered an
> > error and must close" message box appears each time I've scanned to the
> > approximate same point in the folder C:Windows\local
settings\application
> > data\microsoft\outlook.
> >
> > My questions are:
> > Is there anyway to remove the messages in question from the .pst folders
> > and
> > keep the rest of the uninfected letters?
> >
> > If so, how?
> >
> > If not, how may I best retain, import, or export the good items and
> > eliminate the infected ones, while still maintaining the most of what's
> > there. In other words, is it possible to get rid of the crap and not
lose
> > too much/all of the messages which are OK?
> >
> > Running W98se/IE6/Outlook2002/OE and have AVG antivirus (which did *not*
> > detect the Trojan Delwin.Z), FW, etc.All things updated daily if there
are
> > daily updates for the progs in question.
> > -- 
> >
> > LuckyStrike
-----------------------------------------------------------

Relevant Pages

  • Re: Trojan/Virus detected in Outlook2002 pst folder
    ... > Regarding detecting viruses in PST and DBX, I don't trust BitDefender at ... Just like PST, all you ... >> except as mail or folders in Outlook, ... I note that Delwin infects *.exe files; ...
    (microsoft.public.security.virus)
  • Re: Trojan/Virus detected in Outlook2002 pst folder
    ... | Regarding detecting viruses in PST and DBX, I don't trust BitDefender at ... Just like PST, all you ... |> except as mail or folders in Outlook, ...
    (microsoft.public.security.virus)
  • Re: Cant move subfolders to pst folder
    ... I've tried to copy the folders i want to a new pst folders but i still get ... the same error message. ... "Brian Tillman" wrote: ...
    (microsoft.public.outlook.general)
  • Re: Importing Problems with Outlook97
    ... I get an error message telling me ... > that I don't have permission to access the file that I'm ... Assuming you copied the PST to a CD, copy it back from the CD to the hard ... Then start Outlook and click File>Open>Personal Folders File, ...
    (microsoft.public.outlook)
  • False duplicate folder
    ... OE2003 shoes two 'Personal Folders'. ... One of them has no 'pst' data file associated and cannot be deleted. ... This false folder shows the signal at left but if I try to expand it, ... receive the error message: ...
    (microsoft.public.outlook.general)