Author Topic: HTML:Iframe-inf cpm.livegoal.net  (Read 5294 times)


REDACTED

  • Guest
HTML:Iframe-inf cpm.livegoal.net
« on: December 27, 2015, 08:33:09 PM »
Hello and Happy Holidays:

I would like to remove whatever it is on my MacBook that is causing these popups.
HTML:Iframe-inf cpm.livegoal.net (see attached jpg)
I've completely scanned my computer with Avast for Mac 2015 (latest program updates and virus definitions) and MalwareBytes. Neither program identifies a virus.
I have never visited this site nor do I know what makes it pop up.

Can somebody please shed some light on how to get rid of this annoying popup?

Thanks,
Kirk
 

REDACTED

  • Guest
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #1 on: December 29, 2015, 12:41:09 AM »
45 views and no suggestions? Hmmmmm....

REDACTED

  • Guest
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #2 on: January 05, 2016, 01:36:33 PM »
Despite the fact that this HTML:Iframe-inf infection has been around for years, Avast seems completely ineffective at removing the source. Sure, it identifies the threat, but I want it removed. I'm not visiting the offending site and have no idea how to determine what is; that's what I expect Avast to do.

I think it's time to install another product. I can't go on like this and so far Avast and its forum have been as frustrating as the virus itself.


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not a avast user
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #4 on: January 05, 2016, 07:18:48 PM »
Quote
I'm not visiting the offending site and have no idea how to determine what is; that's what I expect Avast to do.
Are you visiting another site when you see this?

See your posted picture > Process: .....  is that trying to connect to that site?

Link goes to an ad for some game, 4 different pictures are rolling there

see here, Detected by Suricata filter > urlQuery  http://urlquery.net/report.php?id=1452017380573 


« Last Edit: January 05, 2016, 07:26:18 PM by Pondus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not a avast user
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #5 on: January 05, 2016, 10:44:14 PM »
Second opinion just to confirm, avast detection is correct

Message from F-secure lab
============================================================================
The file you sent was found to be malicious.

We will be detecting the sample you submitted as Trojan.Iframe.CIC in the next database update.
=============================================================================



REDACTED

  • Guest
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #6 on: January 06, 2016, 01:16:36 PM »
Many times, when the popup warning me that an infection was blocked appears, Safari is open but sitting idle. I'm often just on the Google search engine page. I have 4 users on the MacBook and each of us is seeing the popups. We are not all visiting the same websites.
Regarding the process: in desperation, I found and deleted the file that the process highlighted. After rebooting the MacBook, Safari would no longer open. I had to reinstall Safari, and the popups resumed. I've concluded there is malware on the laptop that MalwareBytes and Avast cannot locate or remove. Avast at least detects the infection, which is something I suppose, but I'm trying to clean my system.
When I used to drive a Windoze box at home, I would have reluctantly reformatted the hard drive and reinstalled the OS from scratch. I do not want to have to do that on the MacBook.

- I see that the problem is being confirmed by F-Secure and VirusTotal; are these respected replacements for Avast?
- F-Secure detects Trojan.Iframe.CIC; should I be looking for a removal tool for Trojan.Iframe.CIC from F-Secure?

It's nice to finally have some feedback for this troublesome infection; thank you!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #7 on: January 06, 2016, 01:34:50 PM »
Trojan:JS/Iframe.CIC (and other variants of that trojan) is a malicious JavaScript file that is embedded into malicious or compromised webpages, usually via SQL injection or through Blackhat search engine optimization (SEO) poisoning.

If a user visits a website that contains this malicious JavaScript, it redirects them to another website that may download other malware into the computer.

Some of the names that other av vendors are using for it are:
HTML/Redirect.FQ (Avira)
JS.Redirector.145 (Dr.Web)
JS/Exploit-Blacole.gg (McAfee)
JS/Redir.JP.gen (Command)
Troj/Exploit-J (Sophos)
Trojan.Script (Ikarus)
Trojan.Script.478237 (BitDefender)
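
Added example (not part of the post above, and not Avast's or F-Secure's detection logic): a small Python audit that a site owner could run over a page's HTML to spot the kind of injected redirect frame described here. The names `IframeAudit` and `audit`, the heuristics, and the sample page with its `example.*` hosts are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not taken from this thread): a normal same-site
# embed, a hidden off-site iframe, and an iframe written by inline script.
SAMPLE_HTML = """<html><body>
<iframe src="/widgets/news.html" width="300" height="200"></iframe>
<iframe src="http://ads.example.net/in.php?id=7" width="1" height="1"
        style="visibility: hidden"></iframe>
<script>document.write('<ifr' + 'ame src="http://redirect.example.org/go" height=0></ifr' + 'ame>');</script>
</body></html>"""

class IframeAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []            # list of (reason, url)
        self._script = None           # buffer for inline script text

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._script = []
        elif tag == "iframe":
            src = a.get("src") or ""
            host = urlparse(src).hostname
            style = (a.get("style") or "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = tiny or "display:none" in style or "visibility:hidden" in style
            # Flag only frames that are both invisible and served from another host.
            if hidden and host and host != self.page_host:
                self.findings.append(("hidden off-site iframe", src))

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            # Rejoin 'a' + 'b' string pieces so a split "<iframe" becomes visible.
            text = re.sub(r"""['"]\s*\+\s*['"]""", "", "".join(self._script))
            for m in re.finditer(r"""<iframe[^>]*?src=["']?([^"'\s>]+)""", text, re.I):
                self.findings.append(("script-written iframe", m.group(1)))
            self._script = None

def audit(html, page_host):
    parser = IframeAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE_HTML, "www.example.com")` reports the hidden off-site frame and the script-written frame, and leaves the visible same-site embed alone.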

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not a avast user
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #8 on: January 06, 2016, 01:48:32 PM »
Quote
I've concluded there is malware on the laptop ......
Infection is located on the website, not in your computer (I uploaded the HTML code from the URL to F-Secure), but something is trying to connect to that URL.

Anyway, I know nada about Mac so can't help much there.


« Last Edit: January 06, 2016, 05:03:51 PM by Pondus »

REDACTED

  • Guest
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #9 on: January 06, 2016, 02:46:58 PM »
Thanks for the clarification. I did a full reset on Safari but the problem persisted. Is there any way to tell what's calling the browser to try to go to the website livegoal.net?

I appreciate that you are not familiar with Mac OS. Should I be posting this in another forum for the Safari browser?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #10 on: January 06, 2016, 03:26:11 PM »
I suggest you ask here > https://discussions.apple.com/welcome

Have you already tried another browser?
If another one doesn't have the problem, it will narrow down the cause of the problem.
Try e.g. http://www.opera.com/computer/mac

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #11 on: January 06, 2016, 07:00:57 PM »
Hi,
The problem is that all applications using the standard Objective-C framework
connect to HTTP/HTTPS servers using a single "WebKit" process, so it is not
easy to find out what process (application) is causing the traffic.

You have to fiddle with debuggers, process listings, network traffic analysis, etc.
to find it out, which is out of scope for a normal user (and cannot be easily explained
to them).

REDACTED

  • Guest
Re: HTML:Iframe-inf cpm.livegoal.net
« Reply #12 on: January 09, 2016, 04:57:25 AM »
I have tried other browsers, but the error appears to be coming from safari. I'm not really looking for another browser. The goal is to clean my system. Safari is to Mac OS as Exploder is to Windoze.

I'm happy to fiddle, but first I need to find a willing soul that will begin to describe how to find the offender and remove it. I stopped using Windows at home some time ago and I have several machines that run Linux. I don't like to use command line but can and often do to resolve Linux issues.

Any takers willing to help me debug, sniff, and squish? I'll try the apple reference above, but I thought the AV Experts might be in a better position to help.
« Last Edit: January 09, 2016, 05:01:42 AM by KC750 »