How to find which mailbox is infected

F-Secure has found a virus in the outlook.pst file. It only says 'a mailbox is infected'. As I already have several mailboxes, how do I find out which one is infected? The F-Secure suggestion of splitting email messages in different mailboxes only makes sense if it tells you which one is infected.

Any idea how to get that information?

Comments

  • Simon
    Simon Posts: 2,667 Superuser

    I don't use Outlook, so this is just a guess, but would each mailbox be stored in separate folders somewhere on your computer?  In that case, you may be able to select each one individually and do a right click scan for viruses on it.

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hi raaf,

    With regard to your problem, I would suggest that you open your mailbox and delete any suspected emails that you have, and then also clean the spam mailbox. Once you have done that, kindly try to scan again. If there is still a detection, do update us.

    Thanks.

    Best Regards,
    Jagadesan

  • NikK
    NikK Posts: 903 Forum Champion

    Sorry for a late response,

    I've had this happening to me and here's what I did:

    Copied my .pst file

    1. Opened the .pst copy
    2. Deleted the first of my folders (mailboxes)
    3. Compacted the .pst
    4. Rescanned the .pst (with manual scan setting: All file types + Archives + Advanced Heuristics)

    If a virus was still found, you just repeat these 4 steps.

    NOTE! If you are infected in multiple folders you have to keep track of every scan and note how many viruses were found.

    For example: you have 5 infections. You delete the first folder, compact and rescan and it now shows 4 infections. Then you had of course 1 infection in that deleted folder.

  • NikK
    NikK Posts: 903 Forum Champion

    Hi again,

    I just realised I may have misunderstood you:

    I also had several .pst files, if that is what you mean by "mailboxes"? But in the window that shows the infections after a scan, one of the columns (in dark blue text I think) showed the name of the .pst file. Possibly it's not visible until you make each column wider, so you really know you can see all text in every column.

    Or maybe I clicked a link somewhere. I'm 100% sure it told me the .pst file somehow.

    If NOT, then you just scan every .pst file one at a time.

  • NikK
    NikK Posts: 903 Forum Champion

    If anyone finds this thread you should know that there is a VBA program (code) that can extract and save all attachments from an Outlook folder including subfolders, so you can then easily scan the folder with all attachments to find which emails are infected. Each file name includes the name of the datafile (PST), folder name, email subject and attachment name so it's easy to identify and delete those emails in Outlook.

    It only extracts the attachments because it's highly unlikely that an email body is infected. And that also heavily reduces the number of files that need to be created on the hard drive. It's been tested and proved successful with over 2 GB of emails.

    Instructions and the VBA code can be found here:

    http://community.f-secure.com/t5/Security/virus-s-imside-Aquarius/m-p/40627/highlight/true#M7398

    In case you run into any problem, also read the following 2 pages in the linked thread above. Those cover the most likely problem scenarios.
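
The approach described in the post above, sketched as an added example (this is not the VBA code from the linked thread and not part of the original post): it walks one Outlook folder tree and saves each attachment under a name built from data file, folder, subject and attachment name, so a scanner hit on a file points back to the message. The output folder `C:\PstScan\`, the running number prefix and the length caps are assumptions made here.

```vba
Option Explicit
' Added example. Run from the Outlook VBA editor (Alt+F11).
Private Const OUT_DIR As String = "C:\PstScan\"   ' assumption: this folder already exists
Private mCount As Long                            ' running number keeps file names unique

Public Sub ExportAttachmentsForScan()
    Dim root As Outlook.Folder
    Set root = Application.Session.PickFolder     ' pick the top folder of one data file
    If root Is Nothing Then Exit Sub
    mCount = 0
    WalkFolder root, root.Store.DisplayName
    Debug.Print mCount & " attachments processed, output in " & OUT_DIR
End Sub

Private Sub WalkFolder(ByVal fld As Outlook.Folder, ByVal storeName As String)
    Dim itm As Object, att As Outlook.Attachment, subFld As Outlook.Folder
    Dim fname As String
    For Each itm In fld.Items
        If TypeOf itm Is Outlook.MailItem Then
            For Each att In itm.Attachments
                ' Only real files and attached messages; OLE objects and links are skipped.
                If att.Type = olByValue Or att.Type = olEmbeddeditem Then
                    mCount = mCount + 1
                    ' Right$ keeps the extension when a long attachment name is cut.
                    fname = Format$(mCount, "00000") & "_" & Clean(storeName, 30) & "_" & _
                            Clean(fld.Name, 30) & "_" & Clean(itm.Subject, 50) & "_" & _
                            Clean(Right$(att.FileName, 80), 80)
                    On Error Resume Next          ' a real-time scanner may block the write
                    att.SaveAsFile OUT_DIR & fname
                    If Err.Number <> 0 Then
                        Debug.Print "Not saved: " & fname & " (" & Err.Description & ")"
                    End If
                    On Error GoTo 0
                End If
            Next att
        End If
    Next itm
    For Each subFld In fld.Folders                ' recurse into subfolders
        WalkFolder subFld, storeName
    Next subFld
End Sub

' Replace characters Windows does not allow in file names and cap the length.
Private Function Clean(ByVal s As String, ByVal maxLen As Long) As String
    Dim ch As Variant
    For Each ch In Array("\", "/", ":", "*", "?", """", "<", ">", "|", vbCr, vbLf, vbTab)
        s = Replace(s, ch, "-")
    Next ch
    Clean = Left$(Trim$(s), maxLen)
End Function
```

Entries printed as "Not saved" in the Immediate window are worth checking first, since a write blocked by real-time scanning already names the data file, folder and subject of the message.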

  • Lionel
    Lionel Posts: 10 New Member

    This is ridiculous. What's needed is a programme that finds and deletes the infected message/s in Outlook or whatever other e-mail client is used. In my case my computer guru came 'round after 4 days and used software he'd written himself to find and delete the infected messages. F-Secure could integrate such software in their Internet Security suite - they simply don't want to. Nor do any of the other anti-virus software companies. Why? Their justifications are just excuses. In the meantime we have to go this farcically laborious route or delete outlook.pst altogether and start again after losing all the messages in this file. I'm amazed no software company has yet come up with a programme that deals with this problem virtually automatically, like the one my guru wrote himself.

  • Simon
    Simon Posts: 2,667 Superuser
    I'm a little confused as to why the infected messages aren't detected and dealt with on arrival.
  • Lionel
    Lionel Posts: 10 New Member

    Because no anti-virus software can keep up with malware developments - by the time the latest malware has been detected and prevention added to the anti-virus software the malware has slipped through in a lot of cases.

  • Lionel
    Lionel Posts: 10 New Member
    Why can't the antivirus software makers integrate all this in their software?
This discussion has been closed.