Avast WEBforum
Other => General Topics => Topic started by: val on February 23, 2005, 05:17:26 PM
-
While scanning, avast detected Sober-C in my Mails/Inbox and suggested to delete the file. So I did, and now all my mails are gone!
Is there any possibility to rescue them??? (I'm using Mozilla; Windows XP)
-
You can put the file back from the virus chest, but that is not recommended since you will bring your system the risk of getting infected.
-
thanks, but the problem is, its not in the virus chest, because i clicked "delete"
-
Try this tiny free utility: http://www.snapfiles.com/get/restoration.html
-
thx i tried, but no deleted files at the specific time.
seems that just (the main) parts were deleted out of the file (=inbox), and only the oldest 2 mails were left...
is there any other chance?
-
It is not recommended to use the inbox for general email storage, the inbox is the most prone to corruption and in this case deletion. Mozilla and Thunderbird's FAQ/advice is not to use the inbox for general storage.
Think of the inbox as more of a pending tray, once viewed and actioned move it to a more appropriate email folder, Personal, Newsletters, etc. etc. That way if you do lose it not much harm is done.
Your are taking regular backups of you email folders aren't you ;D
-
thx i tried, but no deleted files at the specific time.
seems that just (the main) parts were deleted out of the file (=inbox), and only the oldest 2 mails were left...
is there any other chance?
I would suggest a google search for something like "recovery of deleted mozilla inbox" or "mailbox recovery tool" without the quotes. I would also suggest a visit to the mozilla forum, you can be assured you aren't the first this has happened to.
-
...well... i guess i'll learn something out of this... ;D
thanks, its worth a try (and i'm sure i'm not the only one!)
-
val, when you pressed the delete button, there should have been a warning that you were going to delete a file that may contain your mailbox (if the filename was Inbox indeed). Did you get such a warning?
-
hi igor, no i didn't get any warning
logviewer/warning says the following:
...Sign of "Win32:Sober-C [Wrm]" has been found in
"C:\....\Mozilla\Profiles\default\dgw95nm0.slt\Mail\pop.mail.yahoo.de\
Inbox\PartNo_0#4261281382\PartNo_0#2531855753\PartNo_0#1985124356\PartNo_0#3452606941\PartNo_0#2594505470\PartNo_0#2081721096" file.
-
And this is the only warning about infection you have there?
If yes, it's really strange. In this case, the virus was correctly detected inside of the mailbox, in a particular message (that's the part following the Inbox part) - not in the Inbox file itself (it would be the end of the path in that case). So, it should have been deleted correctly, without corrupting/deleting the mailbox... :-\
I guess you have overwritten the Inbox file already, did you? I wish we could find out what went wrong...
-
well, there are many warnings. yesterday there were 4, the other 3 about Win32:Trojano-834 and 781... but those i put in the virus chest - as was suggested by avast (only for the sober-c it suggested "delete")
when and how is the inbox file overwritten? i have received new mails since then, if thats what you mean.
i still wonder why it was in the inbox, usually i delete strange messages (but i do not empty the trash on a regulary basis)
-
To be more precise. It is the space on the disk where the inbox file was stored that is overwritten. You store a file on the disk (in this case the inbox file). If you delete that file, it is not gone. It is only marked so that Windows won't show it. (That is why you still can put files back if they are in the recycle bin) If you empty the recycle bin almost the same happens. But this time they are marked so that they don't show up in the recycle bin either. But still the file is there on the disk. As long as the space the file is on is not overwritten by (any) other file, you can retrieve it with a util like Vlk posted.
If the diskspace that the file is on is overwritten it is not possible for the user to get it back anymore, unless you hire a recovery specialized company like Ontrack. But that will cost a lot of money.
I hope this explains it for you.
-
i understand, but i'm not sure, wether igor meant this - i can't (easily) know where something is written to
-
I believe that if other messages were already received, there's no way to find out anything useful from the file.
-
well, thanks a lot to all of you! - i guess that's it.. best wishes, val