Author Topic: Trojan Detected - HTML:Iframe-QH [Trj]  (Read 10762 times)

0 Members and 1 Guest are viewing this topic.

Offline archtea

  • Newbie
  • *
  • Posts: 3
Re: Trojan Detected - HTML:Iframe-QH [Trj]
« Reply #15 on: June 22, 2012, 08:56:58 PM »
Ran full scan and detected 1 infection - iframe-qh - moved to chest and current rebooting and scanning.

Strange thing is I have a works computer which i have just booted, the anti virus (micro trend) is blocking URL websites even though I am not connected to a search engine only via LAN.

Has someone hacked my network connection (it is Wpa secured) ?

Offline Atreides

  • Newbie
  • *
  • Posts: 1
Re: Trojan Detected - HTML:Iframe-QH [Trj]
« Reply #16 on: June 23, 2012, 06:03:58 PM »
Hi I have had the same notification when my wife tries to log on to the Boden site www.boden.co.uk Scanned the computer and havent found anything.

From the virus chest - C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCN4Z7YR\Login[1].htm   HTML:Iframe-QH[trj]


Offline wils1989

  • Newbie
  • *
  • Posts: 8
Re: Trojan Detected - HTML:Iframe-QH [Trj]
« Reply #17 on: June 23, 2012, 06:09:07 PM »
Without wanting to alarm anyone, and it may be completely unrelated, but two fraudulent transactions were made online on my debit card two days ago. I received a call from Halifax who informed me both transactions had not gone through but it was best to cancel my card and get a new one. I've also done a full scan and found nothing. There are a couple of users on another forum, hotukdeals, who have advised their Avast also detected this Trojan when going onto shopping sites.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33337
  • malware fighter
Re: Trojan Detected - HTML:Iframe-QH [Trj]
« Reply #18 on: June 23, 2012, 06:28:54 PM »
@Atreides,

Break that link like hxtp or wXw.
There is supicious code there:
wXw.boden.co.uk/JavaScript/JQuery/jquery.fancybox-1.3.4.pack.js?v=27 benign
[nothing detected] (script) wXw.boden.co.uk/JavaScript/JQuery/jquery.fancybox-1.3.4.pack.js?v=27
     status: (referer=wXw.boden.co.uk/)saved 15624 bytes caeb31e930068ce5820b239d44d8415f95957138
     info: [embed] wXw.boden.co.uk/JavaScript/JQuery/
     info: [iframe] wXw.boden.co.uk/JavaScript/JQuery/
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable Image
     suspicious,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline martdee

  • Newbie
  • *
  • Posts: 1
Re: Trojan Detected - HTML:Iframe-QH [Trj]
« Reply #19 on: June 23, 2012, 10:17:08 PM »
New to this site and trying to find a solution to this message. I have  done a quick scan and all is clear. The web shield log tell me it has page blocked. There were no alerts while browsing the Debenham's site but as soon as I tried to "add to basket" Avast sent the Trojan detected message.
What action is recommended now?
Please consider that I am not the most computer literate person but I am trying  :-[
Thanks for reading this post
« Last Edit: June 23, 2012, 10:19:59 PM by martdee »

Offline asenden

  • Newbie
  • *
  • Posts: 1
Re: Trojan Detected - HTML: THOMASCOOK.COM
« Reply #20 on: June 25, 2012, 11:16:05 AM »
Hi,

we (thomascook.com IT team) have received lots of feedback from our site visitor.

First of all thank you very much for your feedback

We can assure you that this is a FALSE POSITIVE caused by a JavaScript of one of our 3rd party tracking tools. Using the thomascook.com and any other Thomascook website is absoloutly safe.

We are working very hard with our vendor to solve this as soon as possible and keep you updated

Regards
A. Senden
Thomascook Online

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 710
  • A Good Old Indian!
Re: Trojan Detected - HTML:Iframe-QH [Trj]
« Reply #21 on: June 25, 2012, 11:21:55 AM »
@asenden

though i would consider waiting for a reply from the avast! team  :)
« Last Edit: June 25, 2012, 11:40:47 AM by true indian »

Online Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2245
Re: Trojan Detected - HTML:Iframe-QH [Trj]
« Reply #22 on: June 25, 2012, 11:25:45 AM »
Hello,
it looks it was false positive (detection is now disabled).

Milos

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 72300
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Trojan Detected - HTML: THOMASCOOK.COM
« Reply #23 on: June 25, 2012, 11:25:55 AM »
We can assure you that this is a FALSE POSITIVE caused by a JavaScript of one of our 3rd party tracking tools. Using the thomascook.com and any other Thomascook website is absoloutly safe.

Well...
http://sitecheck.sucuri.net/results/thomascook.com
http://labs.sucuri.net/db/malware/malware-entry-mwjs150
Win 8.1 [x64] - Avast PremSec 21.9.6675.IBC [UI.671] - EEK - Firefox ESR 78.15 [NS/uBO/PB] - TB 91.2.1
Avast-Tools: Secure Browser 95.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0