Author Topic: HTML:Iframe-inf Malware infection?  (Read 21437 times)


Bob338

  • Guest
HTML:Iframe-inf Malware infection?
« on: August 24, 2010, 05:53:06 AM »
Do I or don't I have an infection?
Running Windows 7 32 bit, IE8, Avast 5.0, and current Malwarebytes. While trying to access a site I visit regularly Avast reported a threat from HTML:Iframe-inf and blocked access to the site. Both a Quick scan and a Full scan showed nothing. Likewise with MBAM yet every time I try to go back to the site Avast reports threat and blocks access. CCleaner has been run multiple times and all cookies removed.
Report to webmaster of the target site advises they have no problem yet threat continues to be reported and the site is blocked to me. In desperation I found a site with apparent knowledge of the threat, F-Secure, ran their free quick scan which turned up 4 items of spyware that were removed and not reported or found by either Avast or MBAM. Still blocked I ran a full scan and turned up two more, all listed as tracking cookies. When blocking continued a further scan of only the reported process with the problem, Internet Explorer, turned up three more tracking cookies yet neither Avast nor MBAM reports any problem and I still can't access the site I want.
What is the fix and why do neither Avast nor Malwarebytes see the problem?

Gargamel360

  • Guest
Re: HTML:Iframe-inf Malware infection?
« Reply #1 on: August 24, 2010, 06:00:52 AM »
You are not getting infected, as Avast! will not let you go there.  Is that a web shield detection, or network shield?  Web shield, I would guess. 

You could run the website through here, see what it says:
http://www.urlvoid.com/
http://vscan.urlvoid.com/
« Last Edit: August 24, 2010, 06:03:22 AM by Gargamel360 »

Bob338

  • Guest
Re: HTML:Iframe-inf Malware infection?
« Reply #2 on: August 24, 2010, 02:39:13 PM »
Thanks.
In one case it says it's clean. The other says it cannot fetch.
That being the case I obviously have something in the computer that is blocking that site. How do I get rid of it? And, where did it come from and why didn't Avast and Malwarebytes detect it when F-Secure did?
That IS a Web Shield detection.
« Last Edit: August 24, 2010, 02:52:45 PM by Bob338 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: HTML:Iframe-inf Malware infection?
« Reply #3 on: August 24, 2010, 02:57:47 PM »
avast and MBAM do not scan for cookies

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

Quote
I visit regularly Avast reported a threat from HTML:Iframe-inf and blocked access to the site.
What is the URL in question? When you post it, use hxxp and not http, or wxw and not www, so the link is not clickable.

When you see the popup from avast with HTML:iframe, is there a URL listed on it?
« Last Edit: August 24, 2010, 04:09:31 PM by Pondus »

Bob338

  • Guest
Re: HTML:Iframe-inf Malware infection?
« Reply #4 on: August 24, 2010, 04:22:50 PM »
The "object" listed is "hXXp://www.pcmech.com/forum/│>{gzip}"

While cookies may not be dangerous they are an invasion of privacy. And if they aren't dangerous why does Avast perceive a threat?


Note: Corrected typo in URL.
« Last Edit: August 24, 2010, 11:54:41 PM by Bob338 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: HTML:Iframe-inf Malware infection?
« Reply #5 on: August 24, 2010, 05:12:29 PM »
Can not scan the website as it seems to be down 
http://downforeveryoneorjustme.com/%20http://www.pchmech.com/forum/
maybe they have been alerted of the website infection ( HTML:iframe ) and have taken the website down for cleaning ?

Quote
While cookies may not be dangerous they are an invasion of privacy. And if they aren't dangerous why does Avast perceive a threat?
avast does not react on cookies

HTML:Iframe-inf wordpress Infection
http://fieldsmarshall.com/htmliframe-inf-wordpress-infection/
http://www.youtube.com/watch?v=HXzLgY2f01U
« Last Edit: August 24, 2010, 05:14:30 PM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: HTML:Iframe-inf Malware infection?
« Reply #6 on: August 24, 2010, 05:16:41 PM »
Because avast isn't alerting on a cookie, but on the loading of a compressed javascript file; that is what the {gzip} part is about.

I have tried visiting that forum and I can't connect to it, firefox is spinning its wheels trying to load, so perhaps there is something going on at the site, cleaning up ???

It looks like the site is down, see image, http://downorme.com/pchmech.com.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
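
The {gzip} suffix discussed in the reply above refers to a compressed response body that has to be unpacked before its HTML can be inspected. The following is an added example, not part of the thread and not Avast's detection logic: it unpacks a constructed gzip body and lists iframes that look out of place. The sample page, the `forum.example` and `injected.example` hosts, and the three heuristics are assumptions made for illustration.

```python
import gzip
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a gzip-compressed HTTP body such as a web shield would
# see for a response sent with "Content-Encoding: gzip". Hosts are placeholders.
SAMPLE_HTML = b"""<html><body>
<h1>Forum index</h1>
<iframe src="http://forum.example/shoutbox" width="400" height="200"></iframe>
<iframe src="http://injected.example/in.php" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>"""
SAMPLE_BODY = gzip.compress(SAMPLE_HTML)

class IframeAudit(HTMLParser):
    # Heuristics are illustrative assumptions, not a vendor's signature.
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("zero or one pixel size")
        host = urlparse(a.get("src", "")).hostname
        if host and host != self.page_host:
            reasons.append("loads from another host: " + host)
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def audit_body(body, page_url):
    """Decompress a gzip body if needed, then return suspicious iframes."""
    if body[:2] == b"\x1f\x8b":          # gzip magic bytes
        body = gzip.decompress(body)
    parser = IframeAudit(urlparse(page_url).hostname)
    parser.feed(body.decode("utf-8", errors="replace"))
    return parser.findings

if __name__ == "__main__":
    for src, reasons in audit_body(SAMPLE_BODY, "http://forum.example/forum/"):
        print(src, "->", "; ".join(reasons))
```

A site owner can run the same check over a saved copy of their own page to see whether an iframe they did not add is present in what the server actually sends.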

Bob338

  • Guest
Re: HTML:Iframe-inf Malware infection?
« Reply #7 on: August 24, 2010, 05:17:23 PM »
I've accessed it several times this morning and was on it just before I came here. It's NOT down.

CharleyO

  • Guest
Re: HTML:Iframe-inf Malware infection?
« Reply #8 on: August 24, 2010, 05:25:46 PM »
***

Yes, it is down. Click the image below to enlarge.


***

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: HTML:Iframe-inf Malware infection?
« Reply #9 on: August 24, 2010, 05:31:28 PM »
Quote
I've accessed it several times this morning and was on it just before I came here. It's NOT down.

Sorry but your post is bracketed by two reports that it is down, I visited the downorme.com site to check after I couldn't connect.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: HTML:Iframe-inf Malware infection?
« Reply #10 on: August 24, 2010, 05:34:30 PM »
Quote
Sorry but your post is bracketed by two reports that it is down, I visited the downorme.com site to check after I couldn't connect.
three  ;)

Bob338

  • Guest
Re: HTML:Iframe-inf Malware infection?
« Reply #11 on: August 24, 2010, 11:57:02 PM »
My bad, typo, I inserted an extra letter in the address S/B pcmech.com, not pch.

I'm still having the problem.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: HTML:Iframe-inf Malware infection?
« Reply #12 on: August 25, 2010, 12:09:51 AM »
No detection on any online webscanners, is your avast updated? latest is 100824-0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: HTML:Iframe-inf Malware infection?
« Reply #13 on: August 25, 2010, 01:09:50 AM »
Same here no detection on the hXXp://www.pcmech.com/forum/ link.

Try clearing your browser cache and ensure you have the latest virus signatures as mentioned.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: HTML:Iframe-inf Malware infection?
« Reply #14 on: August 25, 2010, 01:23:06 AM »
Hi DavidR,

Browser Defender detected it, but now as it seems clean gives it as clean: http://www.browserdefender.com/site/pcmech.com/
But I would block this adware on that site: htxp://kona.kontera.com/javascript/lib/KonaLibInline.js
If you use Firefox, just install AdBlock and add htxp://kona.kontera.com/javascript/lib/KonaLibInline.js as a filter. (with http of course)
Then these ads will disappear completely,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!