Geoffr, posted March 5

My ESET NOD32 keeps finding PDF/Phishing.A.Gen files within my offline version of Google Mail. As far as I can tell it's the same couple of files as Gmail keeps re-downloading them. Does anyone know how to match the ESET log to the actual location of the file in gmail so I can delete it?

-------

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
2023-03-05 9:03:17 AM;Real-time file system protection;file;C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\217a4f4b-d804-434f-9102-a45277e8cfb3\cebd6968102eee37_0;PDF/Phishing.A.Gen trojan;cleaned by deleting;GEOFF-NITRO\geoff;Event occurred on a new file created by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6B4F135E1D7018079AC7262451C3A4E3278F2134).;EE1990D2C8FBA33E8A366555A1F44B1F6120A37F;2023-03-05 9:02:39 AM
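
Added example (not part of the original posts and not ESET code): a Python parser for the semicolon-separated log export quoted above, which groups detections by the Hash column to confirm that the same files are being re-cached and pulls out the Chrome CacheStorage sub-directories they land in. The second and third sample rows are constructed, and the labels `storage_dir`, `cache_dir` and `entry` are names chosen here for the path components.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Header and first row are from the post; the last two rows are constructed for the demo.
SAMPLE_LOG = r"""Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
2023-03-05 9:03:17 AM;Real-time file system protection;file;C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\217a4f4b-d804-434f-9102-a45277e8cfb3\cebd6968102eee37_0;PDF/Phishing.A.Gen trojan;cleaned by deleting;GEOFF-NITRO\geoff;Event occurred on a new file created by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6B4F135E1D7018079AC7262451C3A4E3278F2134).;EE1990D2C8FBA33E8A366555A1F44B1F6120A37F;2023-03-05 9:02:39 AM
2023-03-05 9:41:02 AM;Real-time file system protection;file;C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\217a4f4b-d804-434f-9102-a45277e8cfb3\00000000000000a1_0;PDF/Phishing.A.Gen trojan;cleaned by deleting;GEOFF-NITRO\geoff;constructed row;EE1990D2C8FBA33E8A366555A1F44B1F6120A37F;2023-03-05 9:02:39 AM
2023-03-05 9:41:05 AM;Real-time file system protection;file;C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\217a4f4b-d804-434f-9102-a45277e8cfb3\00000000000000c3_0;PDF/Phishing.A.Gen trojan;cleaned by deleting;GEOFF-NITRO\geoff;constructed row;00000000000000000000000000000000000000C3;2023-03-05 9:41:05 AM
"""


def parse_log(text):
    """Parse an ESET detection-log export: semicolon-separated, header row first."""
    reader = csv.DictReader(io.StringIO(text.strip()), delimiter=";",
                            quoting=csv.QUOTE_NONE)
    return [row for row in reader if row.get("Object")]


def cache_location(path):
    """Return the two directories below CacheStorage and the entry file name,
    or None when the detected object is not inside Chrome's CacheStorage."""
    parts = PureWindowsPath(path).parts
    if "CacheStorage" not in parts:
        return None
    i = parts.index("CacheStorage")
    if len(parts) < i + 4:
        return None
    return {"storage_dir": parts[i + 1], "cache_dir": parts[i + 2],
            "entry": parts[-1]}


def summarize(rows):
    """Group detections by file hash; a count above 1 means the same content
    was written to the cache (and deleted by the scanner) more than once."""
    groups = defaultdict(lambda: {"count": 0, "entries": [], "cache_dirs": set()})
    for row in rows:
        group = groups[row["Hash"]]
        group["count"] += 1
        loc = cache_location(row["Object"])
        if loc:
            group["entries"].append(loc["entry"])
            group["cache_dirs"].add(loc["cache_dir"])
    return dict(groups)


if __name__ == "__main__":
    for file_hash, g in summarize(parse_log(SAMPLE_LOG)).items():
        print(file_hash, g["count"], sorted(g["cache_dirs"]), g["entries"])
```

The cache entry names differ on every write, so the Hash column, not the file name, is what identifies a repeated attachment.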

Nightowl (Most Valued Members), posted March 5

1 hour ago, Geoffr said:

> My ESET NOD32 keeps finding PDF/Phishing.A.Gen files within my offline version of Google Mail. As far as I can tell it's the same couple of files as Gmail keeps re-downloading them. Does anyone know how to match the ESET log to the actual location of the file in gmail so I can delete it?
>
> -------
>
> Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
> 2023-03-05 9:03:17 AM;Real-time file system protection;file;C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\217a4f4b-d804-434f-9102-a45277e8cfb3\cebd6968102eee37_0;PDF/Phishing.A.Gen trojan;cleaned by deleting;GEOFF-NITRO\geoff;Event occurred on a new file created by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6B4F135E1D7018079AC7262451C3A4E3278F2134).;EE1990D2C8FBA33E8A366555A1F44B1F6120A37F;2023-03-05 9:02:39 AM

Try to check inside the Quarantine area in ESET, check for the file name and then search your email for that nameof.pdf and then get rid of the email, it should cease.

Marcos (Administrators), posted March 5

Please provide logs collected with ESET Log Collector. Make sure to select all quarantined files:

Geoffr (Author), posted March 6

Marcos,

Here is the requested log.

NightOwl,

The problem is the files don't have the name of the attachment in Google (the Gmail cache doesn't use the same file name).

eav_logs.zip

Marcos (Administrators), posted March 6

I confirm the detection is correct. You have quite many scam PDFs like that in quarantine. Unfortunately the ELC logs contained only quarantined files so I could not check your configuration. Files downloaded by Chrome should be normally detected by the https scanner upon download.

SeriousHoax, posted March 6

If you can't find any other solution then one thing you can try is to temporarily install an email client like Thunderbird, which is free. Then log into your account in Thunderbird and see if ESET can pinpoint the email location this time. Maybe even disable ESET's protection temporarily while logging in so that the malicious attachment is loaded in Thunderbird's email files and then scan it using ESET. Though I don't know if ESET's scanner will show you the exact email, not every product can do this I think. This is something Bitdefender can, and it was helpful for me when I had a slightly different but similar situation to yours a few years ago.

Remove threats detected in e-mail attachments after a Bitdefender scan

itman, posted March 6 (edited March 6 by itman)

5 hours ago, SeriousHoax said:

> If you can't find any other solution then one thing you can try is temporarily install an email client like Thunderbird which is free. Then log into your account in Thunderbird and see if ESET can pinpoint the email location this time.

Unfortunately, Eset's e-mail phishing protection doesn't work in Thunderbird. Ditto for any of the e-mail plug-ins Eset uses.

On the other hand, these .pdf files appear to be detected via an Eset real-time processing signature. As such, Eset might detect them via Thunderbird e-mail delivery.

I am also wondering if using on-line browser based G-mail would be better to pinpoint the .pdf files?

SeriousHoax, posted March 7

17 hours ago, itman said:

> Unfortunately, Eset's e-mail phishing protection doesn't work in Thunderbird. Ditto for any of the e-mail plug-ins Eset uses.
>
> On the other hand, these .pdf files appear to be detected via an Eset real-time processing signature. As such, Eset might detect them via Thunderbird e-mail delivery.
>
> I am also wondering if using on-line browser based G-mail would be better to pinpoint the .pdf files?

What I mean is that if the email is loaded in Thunderbird mainly when ESET's protection is off then scanning Thunderbird's profile folder might be able to pinpoint the exact email. I don't know if ESET can do that but as I shared above, Bitdefender can. I was able to find the exact email like this using Bitdefender in the past. It was an unprotected zip sample present in my sent emails that I sent to another AV lab.