Trojan Virus - Beginning 4/13/2022
Windows 10 Pro v. 21H2 - Thunderbird v. 91.8.1
Windows Security: 4/13/2022 - detected 14 Severe Threats from inbound emails infected with Trojan:HTML/Phish.RA!MTB. 4/14/2022 - detected 23 more since then - "only" 27 more, because I stopped opening Thunderbird except when absolutely necessary..
By that time, Outlook 2016 was also up and running on the same computer and receiving the same email account's messages.
When Thunderbird is shut down, not one Severe Threat is seen by Windows Security. Outlook does not allow infected messages to get through. The moment I open Thunderbird, the virus flood begins with pent up fervor.
Conclusion: Thunderbird has severe security issues. Not Windows. Not Outlook.
With respect, what's going on?
Thank you, rsw1941
Krejt Përgjigjet (3)
I don't understand your concern. If Windows detected severe threats, shouldn't it stop them? That's what it's for. Thunderbird does not have built-in anti-virus and depends on the host OS to do that.
David,
Thank you for your reply.
As a very old techie, I'm a firm believer in redundancy - a belt & suspenders approach to anything as critical as virus protection.
1. I've used Thunderbird for decades on multiple computers. On this computer for years. 2. I cannot recall Windows Security ever reporting being handed a virus by Thunderbird. 2. SOMETHING changed on or about 4/13/2022. 3. But only with Thunderbird. 4. For all I know, the virus was first created on 4/13/2022. But, that's not the answer. 5. Windows and Outlook run for 8-10 hours every day. 6. The combination of Windows and Outlook has never reported it. 7. The combination of Windows and Thunderbird reports it every time Thunderbird runs. 8. Something has changed in Thunderbird's world. 9. What might that be?
Regards, rsw1941
If there is any virus contained in an email, it is more likely to be via an attachment. But only you can run attachments. In Thunderbird, by default all remote content is disabled, so if any is enabled then only you allowed it.
Trojan.HTML.Phishing is a malicious program that silently redirects the web browser to a fraudulent web page or site. So you are probably talking about remote content links in junk mail.
I would never allow any AV product to auto fix any file in a Thunderbird profile because you are likely to lose everything in that file - set it to always ask what to do.
It is possible the problem emails have been deleted already, but they may be 'marked as deleted' and hidden from view because the folder has not been compacted.
Have you compacted your folders? compacting removes all traces of previously deleted emails which may have hidden traces left in the files. So the first line of attack is to manually compact each folder in turn. But I would start with the 'Junk/Spam' folder.
- Right click on Junk/Spam folder and select 'Empty Junk'
- Right click on Junk/Spam folder and select 'compact'.
then work through all other folders in turn to compact the folder.