Jump to content
Kaspersky Support Forum

HEUR:Trojan.VBS.SAgent.gen - Thunderbird infection

Mr Tech

By Mr Tech
in Virus and Ransomware related questions

 Share
Go to solution Solved by Berny,

Recommended Posts

Mr Tech

Mr Tech

Posted
Posted

Hi, I just noticed that my computer has been infected by a trojan called "HEUR:Trojan.VBS.SAgent.gen", and I can't remove it via Kapersky...The trojan is found in the inbox file in Thunderbird. So it's not a file that I can remove (it's all code). Kapersky stated that these two files are the source of the Trojan (they are not found as an e-mail attachment in my inbox, it's all code in the inbox file in Thunderbird):

P000009384:Emirates_Marble-pdf.gz and P000009384:Emirates_Marble-pdf.vbs

So I'm simply wondering how I should go about to remove this trojan from my computer?

Source:
https://threats.kaspersky.com/en/threat/HEUR:Trojan.VBS.SAgent.gen/

  • Solution
Berny

Berny

Posted
  • Solution
Posted

@Mr Tech Welcome on the Kaspersky Forum.

1 hour ago, Mr Tech said:

The trojan is found in the inbox file in Thunderbird.


Please try this 

1) Backup TB profiles → Folder  "C:\Users\Name\AppData\Roaming\Thunderbird"

2) Repair folder

Spoiler

01_TB_Rebuild_messsages.thumb.jpg.c398272627a53103b10a920e228e73a7.jpg

3) Compact folder

Spoiler

02_TB_compact_a.jpg.241062017db1a457457d61bc045b958e.jpg

4) Clear cache

Spoiler

03_tb_clear_cache.thumb.jpg.264c4d9cb28faa13720d43b6b2bc8d80.jpg

5) Reboot

6) Run a full scan ?

Mr Tech

Mr Tech

Posted
  • Author
Posted

Hi there Berny 😃 I did as instructed, and it worked! So a big thanks. One question remains though, I have no idea (whatsoever) how I got that trojan in the first place...Because I got no memory of even opening up the said e-mail.

Anyways, thanks!

  • Like 1
Berny

Berny

Posted
Posted

@Mr Tech

43 minutes ago, Mr Tech said:

So a big thanks.

You are welcome !

The malicious script [Emirates Marble-pdf.vbs] is mostly distributed via phishing emails , in your case it looks like this object is disguised as a PDF-file 🤔. FYI Kaspersky is scanning the Thunderbid Profiles since version 21.23.

Also the TB Mozilla Export option supports backup ZIP files up to (only) 2 GB , therefore I always recommend to backup the Profiles folder. 

Anyway i am glad that your issue is fixed and feel free to contact us again if you encounter any problems or require further assistance.

Mr Tech

Mr Tech

Posted
  • Author
Posted

Hi again Berny 😃 Thanks, that is correct. That's what I've learned, yes. Yep, so I do it at least one time per month. So am I, because I had never experienced anything like that before. And I've been using computers since the early 90s.

Anyways, thanks again. Have a nice day.

  • Like 1

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...