Author Topic: HTML:Iframe-inf Malware infection?  (Read 10347 times)

Offline Bob338

HTML:Iframe-inf Malware infection?
« on: August 24, 2010, 03:53:06 AM »
Do I or don't I have an infection?
Running Windows 7 32 bit, IE8, Avast 5.0, and current Malwarebytes. While trying to access a site I visit regularly Avast reported a threat from HTML:Iframe-inf and blocked access to the site. Both a Quick scan and a Full scan showed nothing. Likewise with MBAM yet every time I try to go back to the site Avast reports threat and blocks access. CCleaner has been run multiple times and all cookies removed.
Report to webmaster of the target site advises they have no problem, yet threat continues to be reported and the site is blocked to me. In desperation I found a site with apparent knowledge of the threat, F-Secure, ran their free quick scan which turned up 4 items of spyware that were removed and not reported or found by either Avast or MBAM. Still blocked, I ran a full scan and turned up two more, all listed as tracking cookies. When blocking continued, a further scan of only the reported process with the problem, Internet Explorer, turned up three more tracking cookies, yet neither Avast nor MBAM reports any problem and I still can't access the site I want.
What is the fix and why do neither Avast nor Malwarebytes see the problem?

Offline Gargamel360

Re: HTML:Iframe-inf Malware infection?
« Reply #1 on: August 24, 2010, 04:00:52 AM »
You are not getting infected, as Avast! will not let you go there.  Is that a web shield detection, or network shield?  Web shield, I would guess. 

You could run the website through here, see what it says:
http://www.urlvoid.com/
http://vscan.urlvoid.com/
« Last Edit: August 24, 2010, 04:03:22 AM by Gargamel360 »
Signature?  But I gots no pen....

Offline Bob338

Re: HTML:Iframe-inf Malware infection?
« Reply #2 on: August 24, 2010, 12:39:13 PM »
Thanks.
In one case it says it's clean. The other says it cannot fetch.
That being the case, I obviously have something in the computer that is blocking that site. How do I get rid of it? And where did it come from, and why didn't Avast and Malwarebytes detect it when F-Secure did?
That IS a Web Shield detection.
« Last Edit: August 24, 2010, 12:52:45 PM by Bob338 »

Offline Pondus

Re: HTML:Iframe-inf Malware infection?
« Reply #3 on: August 24, 2010, 12:57:47 PM »
avast and MBAM do not scan for cookies

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

Quote
I visit regularly Avast reported a threat from HTML:Iframe-inf and blocked access to the site.
What is the URL in question? When you post it, use hxxp and not http, or wxw and not www, so the link is not clickable.

When you see the popup from avast with HTML:iframe, is there a URL listed on it?
« Last Edit: August 24, 2010, 02:09:31 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Bob338

Re: HTML:Iframe-inf Malware infection?
« Reply #4 on: August 24, 2010, 02:22:50 PM »
The "object" listed is "hXXp://www.pcmech.com/forum/│>{gzip}"

While cookies may not be dangerous they are an invasion of privacy. And if they aren't dangerous why does Avast perceive a threat?


Note: Corrected typo in URL.
« Last Edit: August 24, 2010, 09:54:41 PM by Bob338 »

Offline Pondus

Re: HTML:Iframe-inf Malware infection?
« Reply #5 on: August 24, 2010, 03:12:29 PM »
Cannot scan the website as it seems to be down:
http://downforeveryoneorjustme.com/%20http://www.pchmech.com/forum/
Maybe they have been alerted of the website infection (HTML:iframe) and have taken the website down for cleaning?

Quote
While cookies may not be dangerous they are an invasion of privacy. And if they aren't dangerous why does Avast perceive a threat?
avast does not react to cookies

HTML:Iframe-inf wordpress Infection
http://fieldsmarshall.com/htmliframe-inf-wordpress-infection/
http://www.youtube.com/watch?v=HXzLgY2f01U
« Last Edit: August 24, 2010, 03:14:30 PM by Pondus »


Offline DavidR

Re: HTML:Iframe-inf Malware infection?
« Reply #6 on: August 24, 2010, 03:16:41 PM »
Because avast isn't alerting on a cookie, but on the loading of a compressed javascript file; that is what the {gzip} part is about.

I have tried visiting that forum and I can't connect to it, firefox is spinning its wheels trying to load, so perhaps there is something going on at the site, cleaning up ???

It looks like the site is down, see image, http://downorme.com/pchmech.com.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
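
As an added illustration of the {gzip} point in the reply above (not part of the thread, and not avast's actual detection logic): a response body sent with `Content-Encoding: gzip` has to be decompressed before markup such as an injected iframe becomes visible to a scanner. The sample page, the `.example` hostnames and the "hidden or at most 1px iframe" heuristic are constructed assumptions.

```python
import gzip
import re
from html.parser import HTMLParser

# Constructed sample page: one ordinary embed and one hidden, injected-looking iframe.
SAMPLE_HTML = b"""<html><body>
<h1>Forum index</h1>
<iframe src="http://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://injected.example/in.php" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>"""

# Assumed heuristic: inline styles that hide the frame from the visitor.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class IframeFinder(HTMLParser):
    """Collects the src of iframes that are hidden or at most 1px in size."""

    def __init__(self):
        super().__init__()
        self.suspicious = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        tiny = any(a.get(dim, "").strip().rstrip("px") in ("0", "1")
                   for dim in ("width", "height"))
        hidden = bool(HIDDEN_STYLE.search(a.get("style", "")))
        if tiny or hidden:
            self.suspicious.append(a.get("src", ""))


def scan_response(body: bytes, content_encoding: str = "") -> list:
    """Decode the body the way a browser would, then look for hidden iframes."""
    if content_encoding.lower() == "gzip":
        body = gzip.decompress(body)
    finder = IframeFinder()
    finder.feed(body.decode("utf-8", errors="replace"))
    return finder.suspicious


if __name__ == "__main__":
    wire_body = gzip.compress(SAMPLE_HTML)      # what travels over the network
    print(b"<iframe" in wire_body)              # markup is not visible in raw bytes
    print(scan_response(wire_body, "gzip"))     # visible once decompressed
```

The detection applies to content as it arrives from the server, which is why an on-disk quick or full scan of the PC can come back clean while the shield still blocks the page.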

Offline Bob338

Re: HTML:Iframe-inf Malware infection?
« Reply #7 on: August 24, 2010, 03:17:23 PM »
I've accessed it several times this morning and was on it just before I came here. It's NOT down.

Offline CharleyO

Re: HTML:Iframe-inf Malware infection?
« Reply #8 on: August 24, 2010, 03:25:46 PM »
***

Yes, it is down. Click the image below to enlarge.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline DavidR

Re: HTML:Iframe-inf Malware infection?
« Reply #9 on: August 24, 2010, 03:31:28 PM »
Quote
I've accessed it several times this morning and was on it just before I came here. It's NOT down.

Sorry but your post is bracketed by two reports that it is down, I visited the downorme.com site to check after I couldn't connect.

Offline Pondus

Re: HTML:Iframe-inf Malware infection?
« Reply #10 on: August 24, 2010, 03:34:30 PM »
Quote
Sorry but your post is bracketed by two reports that it is down, I visited the downorme.com site to check after I couldn't connect.
three  ;)


Offline Bob338

Re: HTML:Iframe-inf Malware infection?
« Reply #11 on: August 24, 2010, 09:57:02 PM »
My bad, typo, I inserted an extra letter in the address S/B pcmech.com, not pch.

I'm still having the problem.

Offline Pondus

Re: HTML:Iframe-inf Malware infection?
« Reply #12 on: August 24, 2010, 10:09:51 PM »
No detection on any online web scanners. Is your avast updated? Latest is 100824-0


Offline DavidR

Re: HTML:Iframe-inf Malware infection?
« Reply #13 on: August 24, 2010, 11:09:50 PM »
Same here, no detection on the hXXp://www.pcmech.com/forum/ link.

Try clearing your browser cache and ensure you have the latest virus signatures as mentioned.

Offline polonus

Re: HTML:Iframe-inf Malware infection?
« Reply #14 on: August 24, 2010, 11:23:06 PM »
Hi DavidR,

Browser Defender detected it, but now, as it seems clean, gives it as clean: http://www.browserdefender.com/site/pcmech.com/
But I would block this adware on that site: htxp://kona.kontera.com/javascript/lib/KonaLibInline.js
If you use Firefox, just install AdBlock and add htxp://kona.kontera.com/javascript/lib/KonaLibInline.js as a filter. (with http of course)
Then these ads will disappear completely,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

 
