
Help finding gmail attachment with PDF/Phishing.A.Gen


Geoffr


My ESET NOD32 keeps finding PDF/Phishing.A.Gen files within my offline version of Google Mail. As far as I can tell it's the same couple of files, as Gmail keeps re-downloading them. Does anyone know how to match the ESET log to the actual location of the file in Gmail so I can delete it?

-------
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
2023-03-05 9:03:17 AM;Real-time file system protection;file;C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\217a4f4b-d804-434f-9102-a45277e8cfb3\cebd6968102eee37_0;PDF/Phishing.A.Gen trojan;cleaned by deleting;GEOFF-NITRO\geoff;Event occurred on a new file created by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6B4F135E1D7018079AC7262451C3A4E3278F2134).;EE1990D2C8FBA33E8A366555A1F44B1F6120A37F;2023-03-05 9:02:39 AM

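As an added example (not from the thread, not ESET's own tooling), a small Python parser for the semicolon-separated detection-log export shown above. It groups hits by the Hash column, because the Chrome Service Worker cache entry name changes on every re-download while the content hash stays the same, and it pulls the Chrome profile and CacheStorage origin directory out of the Object path. The second log line is a constructed repeat of the first hash with a made-up entry name and time.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the ';'-separated export format from the post. Line 1 is
# the entry posted in the thread; line 2 is a made-up later hit on the same hash
# (new cache entry name, same CacheStorage tree) to show the re-download pattern.
SAMPLE_LOG = r"""Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
2023-03-05 9:03:17 AM;Real-time file system protection;file;C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\217a4f4b-d804-434f-9102-a45277e8cfb3\cebd6968102eee37_0;PDF/Phishing.A.Gen trojan;cleaned by deleting;GEOFF-NITRO\geoff;Event occurred on a new file created by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6B4F135E1D7018079AC7262451C3A4E3278F2134).;EE1990D2C8FBA33E8A366555A1F44B1F6120A37F;2023-03-05 9:02:39 AM
2023-03-05 9:43:02 AM;Real-time file system protection;file;C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\217a4f4b-d804-434f-9102-a45277e8cfb3\3f1a0c92b7e4d5a6_0;PDF/Phishing.A.Gen trojan;cleaned by deleting;GEOFF-NITRO\geoff;Event occurred on a new file created by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6B4F135E1D7018079AC7262451C3A4E3278F2134).;EE1990D2C8FBA33E8A366555A1F44B1F6120A37F;2023-03-05 9:02:39 AM
"""

# <profile>\Service Worker\CacheStorage\<40-hex origin dir>\<cache id>\<entry>
CACHE_RE = re.compile(
    r"\\User Data\\(?P<profile>[^\\]+)\\Service Worker\\CacheStorage\\"
    r"(?P<origin_dir>[0-9a-f]{40})\\(?P<cache_id>[^\\]+)\\(?P<entry>[^\\]+)$"
)

def parse_eset_log(text):
    """Rows of the ESET detection-log export, keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text), delimiter=";"))

def locate_cache_entry(path):
    """Split a Chrome Service Worker cache path into profile / origin dir /
    cache id / entry name; None if the object is not a CacheStorage file."""
    m = CACHE_RE.search(path)
    return m.groupdict() if m else None

def group_by_hash(rows):
    """Group hits by the 'Hash' column. The cache entry name differs on every
    re-download, so the content hash is the only stable join key."""
    groups = defaultdict(list)
    for row in rows:
        loc = locate_cache_entry(row["Object"]) or {}
        groups[row["Hash"]].append({
            "time": row["Time"], "detection": row["Detection"],
            "profile": loc.get("profile"), "origin_dir": loc.get("origin_dir"),
            "entry": loc.get("entry", row["Object"]),
        })
    return dict(groups)

def repeat_offenders(rows, min_hits=2):
    """Hashes detected at least min_hits times: the files Gmail keeps re-caching."""
    return {h: len(v) for h, v in group_by_hash(rows).items() if len(v) >= min_hits}

if __name__ == "__main__":
    print(repeat_offenders(parse_eset_log(SAMPLE_LOG)))
```

Run it against a real export saved from the ESET log window to see which hashes recur and under which Chrome profile; the origin directory name is Chrome's own hash of the site origin, so it identifies the web app (here the offline Gmail service worker) but not the message or attachment name.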

  • Most Valued Members
1 hour ago, Geoffr said:

My ESET NOD32 keeps finding PDF/Phishing.A.Gen files within my offline version of Google Mail. As far as I can tell it's the same couple of files, as Gmail keeps re-downloading them. Does anyone know how to match the ESET log to the actual location of the file in Gmail so I can delete it?

-------
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
2023-03-05 9:03:17 AM;Real-time file system protection;file;C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\217a4f4b-d804-434f-9102-a45277e8cfb3\cebd6968102eee37_0;PDF/Phishing.A.Gen trojan;cleaned by deleting;GEOFF-NITRO\geoff;Event occurred on a new file created by the application: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6B4F135E1D7018079AC7262451C3A4E3278F2134).;EE1990D2C8FBA33E8A366555A1F44B1F6120A37F;2023-03-05 9:02:39 AM

Try to check inside the Quarantine area in ESET, check for the file name and then search your email for that nameof.pdf, then get rid of the email; it should cease.


Marcos,
Here is the requested log.

NightOwl,
The problem is the files don't have the name of the attachment in Google (the Gmail cache doesn't use the same file name).

eav_logs.zip


  • Administrators

I confirm the detection is correct. You have quite many scam PDFs like that in quarantine. Unfortunately the ELC logs contained only quarantined files, so I could not check your configuration. Files downloaded by Chrome should normally be detected by the HTTPS scanner upon download.



If you can't find any other solution, then one thing you can try is to temporarily install an email client like Thunderbird, which is free. Then log into your account in Thunderbird and see if ESET can pinpoint the email location this time. Maybe even disable ESET's protection temporarily while logging in so that the malicious attachment is loaded into Thunderbird's email files, and then scan it using ESET. Though I don't know if ESET's scanner will show you the exact email; not every product can do this, I think. This is something Bitdefender can do, and it was helpful for me when I had a slightly different but similar situation to yours a few years ago.

Remove threats detected in e-mail attachments after a Bitdefender scan


5 hours ago, SeriousHoax said:

If you can't find any other solution, then one thing you can try is to temporarily install an email client like Thunderbird, which is free. Then log into your account in Thunderbird and see if ESET can pinpoint the email location this time.

Unfortunately, Eset's e-mail phishing protection doesn't work in Thunderbird. Ditto for any of the e-mail plug-ins Eset uses.

On the other hand, these .pdf files appear to be detected via an Eset real-time processing signature. As such, Eset might detect them via Thunderbird e-mail delivery.

I am also wondering if using online, browser-based Gmail would be better to pinpoint the .pdf files?

Edited by itman

17 hours ago, itman said:

Unfortunately, Eset's e-mail phishing protection doesn't work in Thunderbird. Ditto for any of the e-mail plug-ins Eset uses.

On the other hand, these .pdf files appear to be detected via an Eset real-time processing signature. As such, Eset might detect them via Thunderbird e-mail delivery.

I am also wondering if using online, browser-based Gmail would be better to pinpoint the .pdf files?

What I mean is that if the email is loaded in Thunderbird, mainly when ESET's protection is off, then scanning Thunderbird's profile folder might be able to pinpoint the exact email. I don't know if ESET can do that, but as I shared above, Bitdefender can. I was able to find the exact email like this using Bitdefender in the past. It was an unprotected zip sample present in my sent emails that I had sent to another AV lab.


This topic is now closed to further replies.