Geoffr
Posted March 5

My ESET NOD32 keeps finding PDF/Phishing.A.Gen files within my offline version of Google Mail. As far as I can tell it's the same couple of files as Gmail keeps re-downloading them. Does anyone know how to match the ESET log to the actual location of the file in Gmail so I can delete it?

-------
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
2023-03-05 9:03:17 AM;Real-time file system protection;file;C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\217a4f4b-d804-434f-9102-a45277e8cfb3\cebd6968102eee37_0;PDF/Phishing.A.Gen trojan;cleaned by deleting;GEOFF-NITRO\geoff;Event occurred on a new file created by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6B4F135E1D7018079AC7262451C3A4E3278F2134).;EE1990D2C8FBA33E8A366555A1F44B1F6120A37F;2023-03-05 9:02:39 AM

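Added example, not part of any post in this thread and not ESET's own tooling: a small Python parser for the semicolon-separated log layout quoted above. It groups detections by the Hash column, so you can check whether the same content keeps landing in Chrome's CacheStorage folder. It assumes no field contains a semicolon; the sample rows, the directory names and the `store_dir`/`cache_dir`/`entry` labels are constructed for illustration.

```python
import csv
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample rows in the column layout of the log quoted in the post.
# Directory names and hash values are placeholders, not real indicators.
HEADER = "Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here"
BASE = r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage"

def _row(time, entry, sha1):
    obj = BASE + "\\store01\\cache-a\\" + entry
    return ";".join([time, "Real-time file system protection", "file", obj,
                     "PDF/Phishing.A.Gen trojan", "cleaned by deleting", r"PC\u",
                     "Event occurred on a new file created by chrome.exe.", sha1, time])

SAMPLE_LOG = "\n".join([
    "-------", HEADER,
    _row("2023-03-05 9:03:17 AM", "entry1_0", "CONSTRUCTED_HASH_A"),
    _row("2023-03-05 9:40:02 AM", "entry1_0", "CONSTRUCTED_HASH_A"),
    _row("2023-03-05 9:41:10 AM", "entry2_0", "CONSTRUCTED_HASH_B"),
])

def parse_detections(text):
    """Return one dict per detection row, skipping blank and '-----' lines."""
    lines = [ln for ln in text.splitlines() if ln.strip().strip("-")]
    return list(csv.DictReader(lines, delimiter=";", quoting=csv.QUOTE_NONE))

def cache_location(object_path):
    """Split a path under Chrome's CacheStorage folder into its three levels.
    The key names are labels chosen for this example, not Chrome terminology."""
    parts = PureWindowsPath(object_path).parts
    lowered = [p.lower() for p in parts]
    if "cachestorage" not in lowered:
        return None
    tail = parts[lowered.index("cachestorage") + 1:]
    if len(tail) != 3:
        return None
    return dict(zip(("store_dir", "cache_dir", "entry"), tail))

def group_by_hash(rows):
    """Group detections by the Hash column to show which content keeps coming back."""
    groups = defaultdict(lambda: {"count": 0, "entries": set(), "times": []})
    for row in rows:
        group = groups[row["Hash"]]
        group["count"] += 1
        group["times"].append(row["Time"])
        loc = cache_location(row["Object"])
        if loc:
            group["entries"].add(loc["entry"])
    return {h: {**g, "entries": sorted(g["entries"])} for h, g in groups.items()}

if __name__ == "__main__":
    for sha1, info in group_by_hash(parse_detections(SAMPLE_LOG)).items():
        print(sha1, info["count"], info["entries"], info["times"])
```

A hash that recurs at different times means the same file content is being written to the cache again after each cleanup, rather than a series of new files.
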
Nightowl (Most Valued Members)
Posted March 5

Try to check inside the Quarantine area in ESET, check for the file name and then search your email for that nameof.pdf and then get rid of the email, it should cease

Marcos (Administrators)
Posted March 5

Please provide logs collected with ESET Log Collector. Make sure to select all quarantined files:

Geoffr
Posted March 6

Marcos,
Here is the requested log.

NightOwl,
The problem is the files don't have the name of the attachment in Google (the Gmail cache doesn't use the same file name).

eav_logs.zip

Marcos (Administrators)
Posted March 6

I confirm the detection is correct. You have quite many scam PDFs like that in quarantine. Unfortunately the ELC logs contained only quarantined files so I could not check your configuration. Files downloaded by Chrome should be normally detected by the https scanner upon download.

SeriousHoax
Posted March 6

If you can't find any other solution then one thing you can try is to temporarily install an email client like Thunderbird, which is free. Then log into your account in Thunderbird and see if ESET can pinpoint the email location this time. Maybe even disable ESET's protection temporarily while logging in so that the malicious attachment is loaded in Thunderbird's email files and then scan it using ESET. Though I don't know if ESET's scanner will show you the exact email; not every product can do this, I think. This is something Bitdefender can, and it was helpful for me when I had a slightly different but similar situation to yours a few years ago.

Remove threats detected in e-mail attachments after a Bitdefender scan

itman
Posted March 6 (edited)

5 hours ago, SeriousHoax said:
> If you can't find any other solution then one thing you can try is temporarily install an email client like Thunderbird which is free. Then log into your account in Thunderbird and see if ESET can pinpoint the email location this time.

Unfortunately, Eset's e-mail phishing protection doesn't work in Thunderbird. Ditto for any of the e-mail plug-ins Eset uses.

On the other hand, these .pdf files appear to be detected via an Eset real-time processing signature. As such, Eset might detect them via Thunderbird e-mail delivery.

I am also wondering if using on-line browser based G-mail would be better to pinpoint the .pdf files?

Edited March 6 by itman

SeriousHoax
Posted March 7

17 hours ago, itman said:
> Unfortunately, Eset's e-mail phishing protection doesn't work in Thunderbird. Ditto for any of the e-mail plug-ins Eset uses. On the other hand, these .pdf files appear to be detected via an Eset real-time processing signature. As such, Eset might detect them via Thunderbird e-mail delivery. I am also wondering if using on-line browser based G-mail would be better to pinpoint the .pdf files?

What I mean is that if the email is loaded in Thunderbird mainly when ESET's protection is off then scanning Thunderbird's profile folder might be able to pinpoint the exact email. I don't know if ESET can do that but as I shared above, Bitdefender can. I was able to find the exact email like this using Bitdefender in the past. It was an unprotected zip sample present in my sent emails that I sent to another AV lab.