As of just bthe past 3-4 days, Norton 360 is finding high risk malware contained in compressed files, and its only solution is to delete the compressed file. The problem is that the files it's complaining about are my Thunderbird local folder files, which are essential to me. The first time this happened, I let Norton "solve" the problem, and it did so by completely deleting an entire local folder. Fortunately I was able to recover from the previous night's backup, but it was a major hassle.
Today the file in question is the most important local folder: the one containing current and recent emails for my entire business. I haven't let Norton delete it. Any idea how to prevent this from happening, or otherwise dealing with it?
Here's how Norton details the malware and what it wants to delete:
Unknown Community Usage, Risk High
upsnotify.rar
[Contained in] upsnotify.rar
[Contained in] unknown38cbe2c2.data
[Contained in] c:\users\bill\roaming\thunderbird\profiles\00h6tz1v.default\mail\local folderds\rank magic
No fix attempted
Any help will be greatly appreciated!
Hi btreloar,
Unfortunately, yogesh_mohan's fix only works for newly arrived messages that can be temporarily received as individual files. Once these messages have been added to the Inbox, they cannot be quarantined separately.
You need to exclude the Inbox (and any other mail folders that you might choose) from scans in the following two Norton Scan Exclusion settings:
Items to Exclude from Scans
Items to Exclude from Auto-Protect and SONAR Detection
Click Configure [+] for each of these options and click the Add button in the Scan Exclusion box. Navigate to the Inbox, which in XP is located here:
C:\Documents and Settings\\Application Data\Thunderbird\Profiles\\Mail\Local Folders\Inbox
(Note the actual mail folders do not have file extensions. Ignore the .msf files of the same names.)
See this post for a fuller discussion of Thunderbird and Antivirus:
http://community.norton.com/t5/Norton-Internet-Security-Norton/Thunderbird-Inbox-file-scrambled/m-p/427440/message-uid/427440/highlight/true#U427440
Very Helpful!
I pruned the offending folder of all emails with attachments, then compacted all folders. I applied they exclusions you suggested, but continued to get the warning. I presume that's just a reminder based on the last scan, so I've rebooted and am running a full system scan now. I expect that I should now get a clean bill of health.
Thanks for the very thorough and crystal clear response!
Bill
As of just bthe past 3-4 days, Norton 360 is finding high risk malware contained in compressed files, and its only solution is to delete the compressed file. The problem is that the files it's complaining about are my Thunderbird local folder files, which are essential to me. The first time this happened, I let Norton "solve" the problem, and it did so by completely deleting an entire local folder. Fortunately I was able to recover from the previous night's backup, but it was a major hassle.
Today the file in question is the most important local folder: the one containing current and recent emails for my entire business. I haven't let Norton delete it. Any idea how to prevent this from happening, or otherwise dealing with it?
Here's how Norton details the malware and what it wants to delete:
Unknown Community Usage, Risk High
upsnotify.rar
[Contained in] upsnotify.rar
[Contained in] unknown38cbe2c2.data
[Contained in] c:\users\bill\roaming\thunderbird\profiles\00h6tz1v.default\mail\local folderds\rank magic
No fix attempted
Any help will be greatly appreciated!
Hi btreloar,
Yes, if the files that Norton detected were not removed, then they are probably still listed in Unresolved Security Risks in the Norton History logs and Norton is continuing to remind you of them. You should be able to resolve this by opening Unresolved Security Risks and clicking the "Clear entries" button.
Thanks! Unfortunately, I tried my own solution ... which failed.
I copied the folder to c:\temp. Then I agreed to let Norton "fix" the problem. It deleted the mail folder as expected, so I then copied my saved temp file back and confirmed that Thunderbird was fine and all me emails were in place. Then I deleted the temp version of the file.
Soon thereafter I ran a disk cleanup which involved emptying my Recycle Bin.
At the next Reboot, Norton deleted the folder it had already deleted! Only this time, my temp backup was gone.
Fortunately I could restore from last night's backup, but I lost all of today's emails.
Am I at least safe going forward since I've added my Thunderbird local folders as exceptions?
Yes, if you have excluded your important mail folders from scans and from Auto-Protect, then Norton should never fiddle with them again. If it does, then you have not provided the correct folder path. In Thunderbird the mail folders are simply Inbox, Sent, etc - no file extension.