"Look sophisticated on your vacation" Thunderbird


oliverjames
Newbie
« on: July 03, 2008, 05:39:55 AM »

I have a problem with incoming mail. I use both WinXP and Linux operating systems. Thunderbird is my mail programme for both OSs.

I use gmail accounts but Thunderbird pulls these messages from the server via POP and stores them in my central message folder; this is on a fat32 partition (my main data partition for both OSs).

About 1 month ago incoming mail under WinXP and Linux had the correct initial header and expected sender, however in the message window the subject is "Look sophisticated on your vacation" and the sender Ernest Terutah, recipient address is my former now cancelled email account with Wanadoo (confirmed inactive). Sometimes the message would be blank. Reading message information showed a lot of links which were common to URLs on my machine.

I then ran adaware and spybot scans on the WinXP partitions (including the email partition). Now I can receive emails that appear OK in TBird under Windows but they are still being hijacked in the same way if I attempt this under Linux. I note that hijacked mails received under Linux can now be opened and read normally under WinXP.

It seems I have a nasty bit of malware in my email message directory.

Can anyone help me to remove this annoying problem?
Bobby
Administrator
Newbie
« Reply #1 on: July 03, 2008, 11:52:48 PM »

hello there,
i might be missing some point but i don't understand why you think you have malware? i see you got spam, but that's not necessarily a sign of malware. could you provide more details about what is going on on your computer?
oliverjames
Newbie
« Reply #2 on: July 04, 2008, 12:32:03 AM »

Hello Bobby,

Messages are received by Thunderbird under the Linux OS that have the message replaced by one headed "Look sophisticated on your vacation" (Search for that on the web, you'll find a variant of the message body that is presented).

I have to reboot under the WinXP OS and open Tbird in order to read the message. This happened initially under WinXP as well but adaware and spybot seem to have rendered the offending item powerless under this OS.

Given that Tbird in both OSs point at the same message directory I conclude that there is perhaps a piece of (java?) script that is operating on the incoming message under Linux to cause this.

Whatever is the cause I'd like to restore the system to its previous expected behaviour pattern.

Changed anti virus from Zone alarm to Avast. Avast has detected the Win32.Faker-M virus in the mail directory. Need to get rid of that and then re-check.
oliverjames
Newbie
« Reply #3 on: July 09, 2008, 04:12:59 AM »

I switched Antivirus from Zone Alarm to Avast and immediately turned up the trojan Win32;Faker-M lurking in my Tbird inbox. Furthermore found a compression bomb in the sent file.

Cured by moving all needed messages to relevant Tbird archive folder. Then, as root under Linux, created new mail folder and moved all files except the infected inbox and sent files to this new mail folder. Then deleted the folders from CLI as root before renaming the mail folder and reopening Tbird to recreate inbox and sent files.

Tbird now works as expected under WinXP and Linux.
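A less destructive variant of the cleanup described in the post above, added here as an example and not code from the thread: it assumes the Thunderbird `Inbox` is a plain mbox file and copies each message into a clean or a quarantine mbox instead of deleting the whole file. The extension list, the output file names and the three sample messages are assumptions constructed for illustration.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

SUSPECT_SUBJECT = "look sophisticated on your vacation"  # subject quoted in the thread
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")     # assumed list, extend as needed

def is_suspect(msg):
    """Flag a message by subject or by an attachment with an executable extension."""
    if SUSPECT_SUBJECT in str(msg.get("Subject", "")).lower():
        return True
    names = (part.get_filename() or "" for part in msg.walk())
    return any(name.lower().endswith(RISKY_EXT) for name in names)

def split_mbox(src_path, clean_path, quarantine_path):
    """Copy every message to clean or quarantine; the source file is not modified."""
    src = mailbox.mbox(src_path, create=False)
    clean, quarantine = mailbox.mbox(clean_path), mailbox.mbox(quarantine_path)
    kept, held = [], []
    try:
        for msg in src:
            subject = str(msg.get("Subject", ""))
            if is_suspect(msg):
                quarantine.add(msg)
                held.append(subject)
            else:
                clean.add(msg)
                kept.append(subject)
    finally:
        for box in (src, clean, quarantine):
            box.close()  # close() flushes pending writes to disk
    return kept, held

def demo():
    """Build a constructed three-message Inbox in a temp directory and split it."""
    tmp = tempfile.mkdtemp()
    src, clean, quar = (os.path.join(tmp, n)
                        for n in ("Inbox", "Inbox.clean", "Inbox.quarantine"))
    inbox = mailbox.mbox(src)
    for subject, attachment in [("Lunch on Friday", None),
                                ("Look sophisticated on your vacation", None),
                                ("Invoice", "invoice.exe")]:
        m = EmailMessage()
        m["From"], m["Subject"] = "sender@example.org", subject
        m.set_content("constructed sample body")
        if attachment:  # placeholder bytes, not a real executable
            m.add_attachment(b"placeholder", maintype="application",
                             subtype="octet-stream", filename=attachment)
        inbox.add(m)
    inbox.close()
    return split_mbox(src, clean, quar)
```

Run it with Thunderbird closed and against a copy of the mail folder; deleting the matching `Inbox.msf` index afterwards makes Thunderbird rebuild it from the cleaned file.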
Bobby
Administrator
Newbie
« Reply #4 on: July 09, 2008, 11:25:42 PM »

sounds great! thank you for sharing your experience, i hope it will be useful for others who got similar problems.