ZBOT.EDY Trojan from Royal Mail via Thunderbird

shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: 06-11-2007

ZBOT.EDY Trojan from Royal Mail via Thunderbird

I used to use AVG FREE many years ago... and dropped it, like many others, when it got too big for its boots.. and hogged everything.... since then have been using AVAST or AVIRA... AVAST "seemed" to be doing its job, but now I'm not so sure....  I was having some issues with another program, so I decided to uninstall AVAST and give AVIRA a go... the problem seemed to be worse... so I uninstalled AVIRA and installed AVG FREE again... (yesterday)... having gone through all the settings, to make sure I knew what it was doing, I then shut down the computer. This morning, after I booted up, I called on AVG to do a complete scan.... 
It found ZBOT.EDY  Trojan Horse ... (ranked number 188 in the world of trojans ) four times....  and they were found in Thunderbird "Old Profiles"... \Trash:\RoyalMail_ID-36FFDYYYYY4AUUU&XXXXX.zip  ( I.D. Number changed by me )...
So it appears that AVG is doing a better job at detection than AVAST or AVIRA.. as this has never shown up before.
I also had a  warning about ATUBECATCHER with  "Malsign.Generic.C28"  ( ranked number 5 in the world of Trojans)
again... AVAST and AVIRA did not show these when finished scanning....
Think I'll stay with AVG for a while... !  ....
The emails, from Royal Mail, "probably" were notifications of some kind....
I do not open attachments, unless I am expecting them from a "known sender"...
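The archive AVG flagged sat in the Trash mbox of an old Thunderbird profile. The following is an added example, not code from this thread or from any of the products mentioned: a Python script that walks a Thunderbird mbox file, lists every message that carries an attachment, and records each attachment's filename, size and SHA-256 so it can be checked against a vendor's lookup without extracting or opening it. The sample mbox, the sender address and the placeholder attachment ID are constructed for the demonstration, and the list of risky extensions is an illustrative assumption.

```python
"""Inventory attachments in a Thunderbird mbox file (such as a profile's Trash)
without opening or extracting any of them. Added example; constructed sample data."""
import hashlib
import mailbox
import os
import tempfile
from email.message import Message
from typing import Dict, List

# Extensions that frequently carry malware in delivery-notice lures.
# Assumption: an illustrative list, not an exhaustive one.
RISKY_EXTENSIONS = {".zip", ".rar", ".7z", ".exe", ".scr", ".js", ".vbs", ".jar", ".docm", ".xlsm"}


def attachment_records(msg: Message) -> List[Dict[str, object]]:
    """Describe every attachment of one message: name, size, SHA-256, and whether
    its extension is on the risky list. The payload is hashed, never executed."""
    records = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if not filename:
            continue  # inline body text, not an attachment
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(filename)[1].lower()
        records.append({
            "filename": filename,
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
            "risky": ext in RISKY_EXTENSIONS,
        })
    return records


def inventory_mbox(path: str) -> List[Dict[str, object]]:
    """Return one record per message in the mbox that carries at least one attachment."""
    results = []
    box = mailbox.mbox(path)
    try:
        for msg in box:
            atts = attachment_records(msg)
            if atts:
                results.append({
                    "from": msg.get("From", ""),
                    "subject": msg.get("Subject", ""),
                    "attachments": atts,
                })
    finally:
        box.close()
    return results


# Constructed sample mbox in Thunderbird's "From - <date>" format: one plain
# notification and one message carrying a zip attachment (a harmless 10-byte
# stub, not a real archive). Addresses and the ID are placeholders.
SAMPLE_MBOX = b"""From - Mon Jul 13 09:00:00 2015
From: "Royal Mail" <notify@example.invalid>
To: user@example.invalid
Subject: Your parcel is awaiting collection
Content-Type: text/plain

Your parcel could not be delivered.

From - Mon Jul 13 09:05:00 2015
From: "Royal Mail" <notify@example.invalid>
To: user@example.invalid
Subject: Shipping label
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/zip; name="RoyalMail_ID-PLACEHOLDER.zip"
Content-Disposition: attachment; filename="RoyalMail_ID-PLACEHOLDER.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""


def demo() -> List[Dict[str, object]]:
    """Write the sample mbox to a temporary file and inventory it."""
    with tempfile.NamedTemporaryFile(suffix=".mbox", delete=False) as fh:
        fh.write(SAMPLE_MBOX)
        path = fh.name
    try:
        return inventory_mbox(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    for rec in demo():
        print(rec["from"], "|", rec["subject"])
        for att in rec["attachments"]:
            flag = "RISKY" if att["risky"] else "ok"
            print(f"  {att['filename']}  {att['size']} bytes  sha256={att['sha256']}  [{flag}]")
```

Point `inventory_mbox` at a real profile's `Trash` or `Inbox` file (Thunderbird stores each folder as one mbox file under the profile directory) to get the same listing for leftover mail; the hashes are what a scanner or vendor lookup wants, so nothing in the archive ever needs to be unpacked on the machine.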
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: 11-02-2013

Re: ZBOT.EDY Trojan from Royal Mail via Thunderbird

don't use programs that download mail just get all the accounts forwarded to a primary browser based mailbox and then you don't run the risk of the program "reading" such things either
as to AV products, the "free" ones are never up to the job, if it doesn't have a subscription offer (like McAfee does with the majority of ISPs) then buy something decent, I wouldn't use AVG if you paid me now that stalk-stalk offer it as part of their package, I would never use it before (because of some of the dodgy practices by the company).
never understand why people spend days or weeks agonising over which "free software" is the best when they get one that doesn't add infections for free from the ISP (unless you're with stalk stalk of course)
just because you're paranoid doesn't mean they aren't out to get you
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: 06-11-2007

Re: ZBOT.EDY Trojan from Royal Mail via Thunderbird

Well, despite your "downer" on everything that everybody else does, and in particular, your downer on FREE stuff.... I have been using only FREE programs, ever since I started on the internet, a zillion years ago... and... again... despite your "dire warnings".. have never actually had any real problems with them...  I would rather believe the reports of companies who have run these free anti-virus / anti-malware programs through test programs, and made comparison charts on their results, than your "personal opinion",... which seems to me to be very narrow minded about most subjects you comment on.  i.e. if you don't trust it... nobody else should trust it.... or if you do trust/like something,.... then the world and his onions should follow you like sheep.
The point I was making, in my original post seems to have been lost on you.... and that was/is  AVAST and AVIRA... both FREE ... did not pick up on the trojans that AVG, which  you despise so much and is FREE, so doubly despised...
actually DID pick up on them.....
In other words... A free program that actually worked..... totally against your worst judgement of it....
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: 15-06-2007

Re: ZBOT.EDY Trojan from Royal Mail via Thunderbird

A question, if not two
When did you last do a full scan with Avast or Avira?
When did the email arrive, or more to the point, why didn't you delete it as spam, or why didn't Thunderbird delete all the emails in Trash?
Given that the email is associated with an old profile and not your current one, why is it still there?
shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: 06-11-2007

Re: ZBOT.EDY Trojan from Royal Mail via Thunderbird

Avast was my primary AV for the past 5 years or more... so scans have been quite regular, once a week..
Avira was the "test" to see if AVAST was causing problems with another program ... but as mentioned, the problem got worse, so I did not do a full scan during the 24 hours Avira was installed.
The emails would probably have "appeared" normal having gone through PlusNet's security before arriving at my end... and the text content was probably only some informative type, like... your package is awaiting collection at the delivery office... with no attachment, it would, again, appear "normal" on my screen, and, of course with no attachment, I would not have bothered about "opening" it...
The "old" profile, would possibly be because of a "new" install, ... Thunderbird and Firefox leave behind a tremendous amount of files and folders after an "uninstall"... where the program is actually removed from the "programs" folder.. but the remnants are located in another location... e.g. appdata .. these have to be manually found and removed/deleted/preferably erased..
I did not realise the last, until I had problems with FF38.1 updating from previous FF36.1 install.... despite uninstalling FF38.1 and re-installing FF36.1 
As an aside to the FF files and folders.... AVAST also leaves behind a folder after uninstall called "Avast Persistant"... and it is difficult to delete/remove... without some devious efforts....
7up
Community Veteran
Posts: 15,824
Thanks: 1,579
Fixes: 17
Registered: 01-08-2007

Re: ZBOT.EDY Trojan from Royal Mail via Thunderbird

I must admit I've noticed many AVs miss infections that others detect. Moons ago I used to run three antivirus programs but these days on one single core machine I couldn't justify that. Now I'm running on 8 cores I might go back to it.
I've found AVG useless in the past.. found that avast then picked up things that AVG missed.. and vice versa.
I'm with nanotm on this which is kinda rare... use a webmail instead of a local client that downloads emails. The reason I say this is because html emails that are downloaded can run code that executes an attachment. Webmail doesn't permit this because the attachments are not actually there - the html email is stripped out of the original and displayed but the attachments are not there / part of it and have to be downloaded separately.
I also run antimalwarebytes... reason being is that the definition of virus doesn't seem to cover "malware" or trojans these days (despite that being the reason AV products exist in the first place). antimalwarebytes seems to be much better at finding trojans and root kits and very good at removing them - unlike some AV products.
I really can't stress the webmail option enough.. I know it means leaving your emails on someone else's server instead of downloading them to your local computer but they'll take care of backups as well as providing you attachment execution protection.
I need a new signature... i'm bored of the old one!
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: 11-02-2013

Re: ZBOT.EDY Trojan from Royal Mail via Thunderbird

my point was all those so called free programs are either poorly supported or riddled with ad based spyware, AVG was itself recently the subject of several reports based on its delivery of a virus via its ad network that bypassed its AV suite and executed directly onto consumer systems, and often comes bundled with junk like pc-doctor as a hidden extra (another piece of trashware). other free versions of AV programs update a limited number of times and then become a liability rather than a protection feature, often leaving the uninformed user at risk (as you have so succinctly pointed out just happened to you)
I don't hate free stuff, I often take advantage of "free extras" that are linked to bought items, what mystifies me is that people who claim to be chasing free options don't simply avail themselves of the free extra that the ISP(s) provide, a fully featured fully supported subscription based (often referred to as pro) product that does everything required and even has several updates a day without bombarding you with adverts or loading in trashware......
that I dislike the practices of companies like AVG and their partners seems to upset you, yet you fail to grasp the reality of the situation, the non subscription AV products are not as good as subscription ones, regardless of whether you pay extra for the subscription (and I don't pay extra for the ISP provided product)
Quote from: shutter
Well, despite your "downer" on everything that everybody else does, and in particular, your downer on FREE stuff.... I have , been using only FREE programs, ever since I started on the internet, a zillion years ago... and... again... despite your "dire warnings".. have never actually had any real problems with them...  
that you know of, yet you just said
Quote from: shutter
AVAST or AVIRA... AVAST "seemed" to be doing its job, but now I`m not so sure....  so I uninstalled AVIRA and installed AVG FREE .. I called on AVG to do a complete scan....  
It found ZBOT.EDY  Trojan Horse ...  four times....    
I also had a  warning about ATUBECATCHER with   "Malsign.Generic.C28"  ( ranked number 5 in the world of Trojans)
so in truth you have zero idea what if any damage was caused by this malware (and clearly it was running somewhere which is what prompted the change of av product) and that's just this time, never mind any previous time something nasty got onto your system /

and I offered you some advice,
Quote
don't use programs that download mail
sound security advice that has been given out freely for years on lots of blogs about the dangers of email nasties getting auto installed even when the user does nothing other than fire up their preferred mail program....
you are free to do whatever you want, I offered an alternative solution to having all your mailboxes listed individually within a mail program: send them all to the one mailbox, create custom receive rules within the mail server (yahoo, Hotmail, gmail for instance all support this) which allows you to group everything as you choose, purely because it's safer than running thunderbird/outlook/livemail/etc., all of which are a weak point in electronic security.

nb;
McAfee would have scanned your emails as they downloaded and alerted you to the problems as and when they arose, either blocking the downloaded file or shoving it into quarantine along with a nice big red popup notification,

as to the uninstall problems, a simple but effective way of getting rid of such traces is to open windows search, type for instance %Mozilla% and hit enter, when it finishes, press ctrl + a and then shift + del and hit enter, it will all be gone in seconds >>>>
just because you're paranoid doesn't mean they aren't out to get you