Author Topic: HTML:Iframe-inf Malware infection?  (Read 21435 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: HTML:Iframe-inf Malware infection?
« Reply #15 on: August 25, 2010, 01:30:16 AM »
Hi DavidR,
<snip>
But I would block this adware on that site: htxp://kona.kontera.com/javascript/lib/KonaLibInline.js
If you use Firefox, just install AdBlock and add htxp://kona.kontera.com/javascript/lib/KonaLibInline.js as a filter. (with http of course)
Then these ads will disappear completely,

polonus

I didn't get any ads, so presumably it is already blocked in my ABP ;D
« Last Edit: August 25, 2010, 01:32:44 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: HTML:Iframe-inf Malware infection?
« Reply #16 on: August 25, 2010, 01:42:03 AM »
Hi DavidR,

Well I knew you had the right subscription lists in there, you are an ad-blocking savvy,  ;D

pol
« Last Edit: August 25, 2010, 01:43:36 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Bob338

  • Guest
Re: HTML:Iframe-inf Malware infection?
« Reply #17 on: August 25, 2010, 01:56:13 AM »
No detection on any online webscanners, is your avast updated? latest is 100824-0

I have a version later than this updated this AM, 100824-1

Browser cache is clean.

In order to reach the site I wanted I temporarily disabled the Web Shield for 10 minutes. Now I find I can't enable it, my mouse is inert on "fix" button as well as the enable one on the tool bar from the logo. If I click the 'enable all shields', the Web Shield remains disabled.  ????
« Last Edit: August 25, 2010, 02:01:37 AM by Bob338 »

Juppy

  • Guest
Re: HTML:Iframe-inf Malware infection?
« Reply #18 on: August 25, 2010, 09:45:44 AM »
For those of you that are loading the site that Bob338 linked to ( hxxp://www.pcmech.com/forum/ ) are you actually loading various threads to test this?   Because I go to that same site all the time and have the same problem, and the only time I get hit with the HTML: Iframe-inf detection is when I load each individual thread.   I originally had to make an exclusion in Avast's Web Shield to be able to access the site at all, but now I just get the detection when I go into a forum and load a thread up.

On mine, Avast ends up alerting about this through the File shield by popping up the red box stating the offender as HTML: Iframe-inf, but the location it shows is my Temporary Internet Files folder on my hard drive.   After visiting the site, I can do a scan of my drive with Avast and it will find these "threats" in that folder, with the names of the threads, like C:/Documents and Settings/*all the other stuff here*/Temporary Internet Files/Content.IE5/PTKCZ913/216397-norton-complains-about-attack-any-time-i-visit-pcmech-page[1].html.  <That last part, from the numbers on, is the name of the thread where we're talking about the problem on that site, in case you're wondering.   After scanning with Avast and deleting the problems, everything's fine until I go back there again.   I've cleared out my Temp folders thinking maybe it was something left over from the old site (before the new site was launched recently, which is when the problems started) and have current definitions; 100824-1.
« Last Edit: August 25, 2010, 09:59:19 AM by Juppy »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: HTML:Iframe-inf Malware infection?
« Reply #19 on: August 25, 2010, 03:10:40 PM »
No I'm not, because the OP didn't post any links other than the default forum home page.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Bob338

  • Guest
Re: HTML:Iframe-inf Malware infection?
« Reply #20 on: August 25, 2010, 05:16:28 PM »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: HTML:Iframe-inf Malware infection?
« Reply #21 on: August 25, 2010, 05:49:36 PM »
Which seems to confirm a good detection by the web shield once again, on an injected iframe.

This injected iframe seems only effected IE and not firefox which I use as my default browser and which I won't use to investigate possible malicious sites.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Juppy

  • Guest
Re: HTML:Iframe-inf Malware infection?
« Reply #22 on: August 25, 2010, 10:46:01 PM »
Yeah, it seems to have affected only IE.   Version didn't matter either, because when it started, I was using Maxthon with IE7 and it did it, then changed to Maxthon2 with IE8 and it still did it.  Firefox didn't have that problem though.

I really *was* beginning to question whether it was a FP in Avast, but at the same time I found that hard to believe since that was the only site that was making Avast scream.   Looks like Avast wasn't crazy after all.   ;D
« Last Edit: August 25, 2010, 10:49:03 PM by Juppy »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: HTML:Iframe-inf Malware infection?
« Reply #23 on: August 25, 2010, 11:00:45 PM »
Which seems to confirm a good detection by the web shield once again, on an injected iframe.
Congratulations to avast team!
The best things in life are free.