Not removable trojan
Hello,
Maybe you can help me since I can’t contact any F-Secure agents… I get this message, but the trojan cannot be removed. What to do now?
Thanks for helping me out!
Accepted Answer
Hello,
Based on your screenshot, the detected threat is located in an email archive or some container that contains email client data, as far as I can understand it.
Most likely the detected item could be an attachment to one of the letters. And based on the name of the threat (Trojan.TR/AVI.AgentTesla), apparently some kind of spam letter. It is possible that the emails are already filtered and located in the "Spam/Junk" folder in your mail client or application.
So, the first advice is: better not to open any 'suspicious' emails, and especially do not click anything in them, let alone download or run attached files, items or that sort of thing.
The second advice is about how to deal with removing detected items (or the email letters affected by this trouble). It looks like you have macOS, thus I can't give you specific advice on how to deal with it yourself. And I recommend contacting F-Secure support anyway if you want to know exactly which emails contain malicious attachments or which email is detected (if this is even possible). Usually, it should be possible to find a time when Support Agents are not busy:
However, perhaps it can be enough to clean up the Spam folder by deleting all content in there (using the mail app). The trouble is that there may be some important letters that wrongly arrived there or were categorized as spam.
I tried to read a bit about Trojan/Agent Tesla, and it sounds like its spam campaign looks like pretty decent letters. So, likely it is not categorized as spam automatically at the time, and can be in your inbox. Furthermore, it can be close to a very legit letter from a well-known source, based on its look and feel.
Maybe the attachment is packed in an archive. So, as such, it is a static threat. If you do not launch it or open it, your system is unaffected. F-Secure cannot delete / remove it automatically either because it is inside a container (such as email client data storage, for example) or because the stored file is an archive (where the 'detected item' is inside its content). It is unknown whether this archive contains anything useful, so it is risky to delete it automatically.
Some of the general discussions about a related subject or type of problem:
- community.f-secure.com/en/discussion/126132/f-secure-safe-just-cannot-handle-the-new-malware-rhetorical
- community.f-secure.com/en/discussion/30358/how-to-find-which-mailbox-is-infected
- community.f-secure.com/en/discussion/122456/internet-security-finds-a-trojan-but-will-not-clean-it
- community.f-secure.com/en/discussion/124071/how-do-i-remove-malware-virus-from-a-pst-file
- community.f-secure.com/internet-security-en/kb/articles/5235-viruses-were-found-but-were-not-automatically-cleaned-what-can-i-do
Thanks!
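To find which message in a mail container carries an attachment, the container can be inventoried without opening or saving any attachment. The following is an added example, not part of the original answer and not F-Secure tooling; it assumes the mail store is available (or has been exported) as a single mbox file, and the sample mailbox, addresses and file names in it are constructed.

```python
import hashlib
import mailbox
import os
import tempfile
from email.message import EmailMessage

# Container extensions worth a closer look (assumed list, adjust as needed).
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".gz", ".iso", ".img", ".cab"}

def list_attachments(mbox_path):
    """Return one record per attachment in an mbox file; nothing is saved or run."""
    records = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for key, msg in box.iteritems():
            for part in msg.walk():
                name = part.get_filename()
                if not name:
                    continue  # body parts and multipart wrappers have no filename
                data = part.get_payload(decode=True) or b""
                records.append({
                    "key": key, "from": msg.get("From", ""),
                    "subject": msg.get("Subject", ""),
                    "filename": name,
                    "sha256": hashlib.sha256(data).hexdigest(),
                    "archive": os.path.splitext(name)[1].lower() in ARCHIVE_EXTS,
                })
    finally:
        box.close()
    return records

def build_sample_mbox(path):
    """Write a constructed two-message mbox with harmless placeholder bytes."""
    box = mailbox.mbox(path)
    plain = EmailMessage()
    plain["From"], plain["Subject"] = "colleague@example.com", "Lunch"
    plain.set_content("No attachment here.")
    box.add(plain)
    inv = EmailMessage()
    inv["From"], inv["Subject"] = "billing@example.com", "Invoice 0001"
    inv.set_content("See attached.")
    inv.add_attachment(b"PK placeholder bytes", maintype="application",
                       subtype="zip", filename="invoice.zip")
    box.add(inv)
    box.close()  # close() flushes pending messages to disk

if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "sample.mbox")
    build_sample_mbox(sample)
    for r in list_attachments(sample):
        print(r["subject"], r["filename"], r["sha256"][:16], r["archive"])
```

The sender, subject and hash in each record are enough to locate the message in the mail app and delete it there, instead of deleting the whole container.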