Deleting a virus in outlook.pst in Outlook 2007

Lionel
Lionel Posts: 10 New Member

F-S IS 2014 tells me I have a virus called Gen:Variant.Symmi.42521 in my Outlook 2007 outlook.pst file. This is completely useless information. I need the message name, origin etc. in order to delete it. How else can I possibly find the right message? I 'phoned support and they told me to do ultra complex things with the file in a format called eml. I didn't understand what they meant and still don't. Anyone know a solution a non-geek can understand?

Comments

  • NikK
    NikK Posts: 903 Forum Champion

    First, do a "compact" on your pst file. You might already have deleted the infected email without knowing it, but it will still exist in the pst file until you do a compact.

     

    I have a VBA script, although maybe a little geeky, that will save all email attachments to disk and include the message name and path in each file name. Then you just scan the folder where all attachments were saved, and the file name will tell you what email is infected.

     

    Only attachments will be saved, not all emails, because attachments are the likely place of infection, not the email body.

     

    http://community.f-secure.com/t5/Security/virus-s-imside-Aquarius/m-p/40627/highlight/true#M7398

     

    The above post includes instructions so hopefully a non-geek will be fine too ;)
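
The attachment-export approach NikK describes above, as an added example (not part of the original post and not the script behind NikK's link). It is an Outlook VBA macro that saves every mail attachment to disk with the folder path and subject in the file name; `OUT_DIR`, `ExportAllAttachments`, `WalkFolder` and `SafeName` are names chosen for this sketch, and the output folder is assumed to exist already.

```vba
' Added example, not NikK's script. Paste into Outlook's VBA editor (Alt+F11).
' Assumption: OUT_DIR already exists and is the folder you will scan afterwards.
Option Explicit
Private Const OUT_DIR As String = "C:\pst_attachments\"
Private mSaved As Long

Public Sub ExportAllAttachments()
    Dim store As Outlook.MAPIFolder
    mSaved = 0
    ' Each top-level folder is one store, e.g. the one backed by outlook.pst
    For Each store In Application.GetNamespace("MAPI").Folders
        WalkFolder store
    Next store
    MsgBox mSaved & " attachments saved to " & OUT_DIR
End Sub

Private Sub WalkFolder(ByVal fld As Outlook.MAPIFolder)
    Dim itm As Object, att As Outlook.Attachment, subFld As Outlook.MAPIFolder
    Dim prefix As String
    For Each itm In fld.Items
        If TypeOf itm Is Outlook.MailItem Then
            For Each att In itm.Attachments
                ' Counter keeps names unique; folder path + subject identify the mail
                On Error Resume Next   ' some embedded/OLE attachments cannot be saved
                prefix = Format(mSaved + 1, "00000") & "__" & fld.FolderPath & "__" & itm.Subject
                att.SaveAsFile OUT_DIR & Left$(SafeName(prefix), 150) & "__" & Right$(SafeName(att.FileName), 80)
                If Err.Number = 0 Then mSaved = mSaved + 1
                On Error GoTo 0
            Next att
        End If
    Next itm
    For Each subFld In fld.Folders   ' recurse into subfolders
        WalkFolder subFld
    Next subFld
End Sub

' Replace characters that Windows does not allow in file names.
Private Function SafeName(ByVal s As String) As String
    Dim i As Long, ch As String
    For i = 1 To Len(s)
        ch = Mid$(s, i, 1)
        If InStr("\/:*?""<>|", ch) > 0 Or ch = vbTab Or ch = vbCr Or ch = vbLf Then ch = "_"
        SafeName = SafeName & ch
    Next i
End Function
```

After running `ExportAllAttachments`, scan the output folder; the name of any flagged file gives the mail folder and subject of the message to delete in Outlook.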

  • NikK
    NikK Posts: 903 Forum Champion

    There's also a manual way with drag-and-drop (copy), but you have to repeat it for every email folder. Example for Inbox:

     

    In Windows Explorer create a folder somewhere called Inbox.

    In Outlook select all items in the Inbox folder, drag-and-drop them to the explorer window.

     

    Then scan the folder where you dragged the items to. The easiest way is to right-click that folder in explorer and select "Scan Folders for Viruses".

     

    Tip: Sort your mail folders on attachment and only drag-and-drop items with attachments.

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    You can also refer directly to this thread:

    http://community.f-secure.com/t5/Security/How-to-find-which-mailbox-is/td-p/30358

     

    It is the one referenced in the thread NikK mentioned.

  • Lionel
    Lionel Posts: 10 New Member

    This strikes this non-guru as ridiculously laborious. Why can't an anti-virus programme find the message containing the virus and delete it without all this messing about with temporary mail folders etc.? Surely someone has already invented an anti-virus programme that can do this in Outlook. Last time I had to delete ALL messages and start again from scratch.

    The other point that strikes this non-guru is why F-S didn't stop the virus getting into outlook.pst in the first place.

    Spending hours messing about with temporary folders and so on is simply not a good option to my mind.

    I propose F-S improve their a-v software accordingly.

  • Lionel
    Lionel Posts: 10 New Member

    Nikk,

     

    Is there an e-mail programme that keeps messages individually so that it's easy to find the one that has a virus in it, if any? Keeping them in a database as Outlook does just makes life impossible for the non-geek if a virus slips through and is in any message in the database. You need to be a computer engineer to find the relevant message and delete it.

     

    Thanks,

     

    Lionel.

  • NikK
    NikK Posts: 903 Forum Champion

    No, not that I know of. But that doesn't mean there isn't one. Here's a comparison of email clients and database format:

    http://en.wikipedia.org/wiki/Comparison_of_email_clients#Database.2C_folders_and_customization

     

    Because the pst file format contains all mail items in one single database, it means that any program that wants to modify something in it, for example to clean/delete an infected attachment, has to know how that format works. I don't think you should demand that from an AV product (just my opinion). Other actions, like quarantining or deleting the file, are not an option for a pst because then it'll delete everything.

     

    I don't know, but I'm thinking that since the pst format is Microsoft's, maybe one of their products is able to "clean" the pst file:

    http://www.microsoft.com/security/scanner/en-us/default.aspx

    http://www.microsoft.com/security/pc-security/malware-removal.aspx

    http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

     

    BTW, there's probably no harm since you have the real-time scan that will check every file that is executed. An infected attachment is harmless unless you open it. And when you open it F-Secure will check it and block it from running.

     

    I found a free program that can extract attachments: http://www.nirsoft.net/utils/outlook_attachment.html

    When scanning it on VirusTotal (54 different AV's) one of them says it's a "possible worm". When scanning on herdProtect (68 AV's) it says it's clean, so maybe it is clean.

    I haven't tested this myself, but if you decide to try it, read the section named "Control The Filename Format of Extracted Attachment". There you can change the filenames so they also include the folder name and subject, and not only the attachment name.

     

    If you don't want to try this program, I recommend you get help from someone more geeky and follow the instructions from my first post with the VBA script. To quote the user I helped with that script, who had pst files over 2 GB:

    "This has been a stress for over a year now with little or no support from F-Secure other than advice to open every email to locate the malware. But full marks to you NikK..Please take a Bow my mate..Your expert support here has been inspirational and certainly made me a wiser chap than before...All sooo much appreciated!!!!  Job done, solution accepted..Thanks again!"

This discussion has been closed.