
Windows Defender reports recurring Thunderbird profile Trojan:HTML/Phish!pz threat

  • 21 replies
  • 5 have this problem
  • 1 view
  • Last reply by Mr Greg


I am a longtime Thunderbird user, currently running 115.6.0 (32-bit). Very recently Windows Defender is detecting malware it identifies as Trojan:HTML/Phish!pz. Defender is unable to quarantine or eliminate the threat.

The specific file is appearing in Volume Shadow Copy data when I am running backup: file: \Device\HarddiskVolumeShadowCopy55\Users\fhanz\AppData\Local\Thunderbird\Profiles\sootdszw.default-release\cache2\entries\342F92977A0BA0715CB8880A9289BC8F8827262C

I've attempted several times to remove the offending file(s), but the problem returns.

What is the best method to determine the source of this malware and effectively eliminate it returning?

If it matters, I use Chrome as my default browser.


All Replies (1)


Matt.

"Another red herring... Why are you wasting backup space and time backing up a cache? By its very definition it is not something that needs to be backed up. You have spent a considerable amount of time here trying to fix a backup of something that seriously should not be backed up. Clearly you have no concern with the fact the code is on your system as the solution you have found is to delete it so your backup runs without error. Not identify the source and eliminate it from the server."

I am obviously in way over my head here, just trying to be helpful. Getting lots of feedback from this thread and much more from [email protected]. Spent some time last night upgrading the Compal from Win7 to Win10. Lots of fiddling left to be done there, so I'm going to leave this discussion to those of you who actually know what you're doing. Will monitor for more developments. Thanks for being here and for helping those of us who know just enough to get into trouble, but also when to yield the floor to the real experts. You folks are the best.

greg
