IPB

Welcome Guest ( Log In | Register )

2 Pages V   1 2 >  
Closed TopicStart new topic
> HEUR: TROJAN.Script.Iframer, KAS Detected just now!
AmyMc
post 18.01.2009 01:29
Post #1


Newbie
*

Group: Members
Posts: 6
Joined: 7.01.2009
From: Canada




KAS just detected this virus a few minutes ago and when KAS asked if I wanted to Quarenteen, I obviously did what was "recommended". Trying to find it in KAS Virus List pages.....the list cannot be found! Any suggestions? (ASAP Please!!!)
Go to the top of the page
 
+Quote Post
Baz^^
post 18.01.2009 01:34
Post #2


Wrestling Champion
**************

Group: Gold beta testers
Posts: 8799
Joined: 10.03.2007




Hi,

What exactly are you looking for?

It's a heuristic detection of suspicious scripts....where was it detected?


--------------------
Kind Regards,

Baz
Go to the top of the page
 
+Quote Post
AmyMc
post 18.01.2009 01:40
Post #3


Newbie
*

Group: Members
Posts: 6
Joined: 7.01.2009
From: Canada




QUOTE(Baz^^ @ 17.01.2009 16:34) *
Hi,

What exactly are you looking for?

It's a heuristic detection of suspicious scripts....where was it detected?



I just copied this from the Reports page.....btw....I am not very computer friendly! (learning, but slowly)

1/17/2009 4:07:14 PM C:\Documents and Settings\Hello\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SQJIA7CS\415734[1].htm Internet Explorer Detected: HEUR:Trojan.Script.Iframer
Go to the top of the page
 
+Quote Post
Baz^^
post 18.01.2009 01:43
Post #4


Wrestling Champion
**************

Group: Gold beta testers
Posts: 8799
Joined: 10.03.2007




That is something that you accessed on the internet and stored in your temporary internet files... go ahead and delete it to be safe.


--------------------
Kind Regards,

Baz
Go to the top of the page
 
+Quote Post
AmyMc
post 18.01.2009 01:50
Post #5


Newbie
*

Group: Members
Posts: 6
Joined: 7.01.2009
From: Canada




QUOTE(Baz^^ @ 17.01.2009 16:43) *
That is something that you accessed on the internet and stored in your temporary internet files... go ahead and delete it to be safe.



Strange...I had only just turned on the PC, turned on Hotmail and then the warnings popped up. So, it's quaranteened right now....I can just delete it and all will be good? The report in KIS says that there are "5 Virus and 4 Malware". This stuff just really confuses me. LOL
Go to the top of the page
 
+Quote Post
Ralph1955
post 18.01.2009 05:44
Post #6


Member
**

Group: Members
Posts: 17
Joined: 19.12.2006




QUOTE(AmyMc @ 17.01.2009 16:50) *
Strange...I had only just turned on the PC, turned on Hotmail and then the warnings popped up. So, it's quaranteened right now....I can just delete it and all will be good? The report in KIS says that there are "5 Virus and 4 Malware". This stuff just really confuses me. LOL



I just ran into the same message, but KIS 2009 blocked it.
Go to the top of the page
 
+Quote Post
W000
post 18.01.2009 06:04
Post #7


Newbie
*

Group: Members
Posts: 3
Joined: 18.01.2009




I also received a notice, its similar but not in a temp file like the other one posted. I am also computer ignorant. What should I do with

HEUR:Trojan.script.Iframer C:\ Documents and settings\ local settings\ application\ DATA \Mozilla\ Firefox\ Profiles\ i9iw12hx.default\ Cache\ 8FDD4639d01

I quarantined it, now what do I do?
Go to the top of the page
 
+Quote Post
Baz^^
post 18.01.2009 06:10
Post #8


Wrestling Champion
**************

Group: Gold beta testers
Posts: 8799
Joined: 10.03.2007




Nothing..you dealt with the infected file.


--------------------
Kind Regards,

Baz
Go to the top of the page
 
+Quote Post
hlhart
post 18.01.2009 08:21
Post #9


Newbie
*

Group: Members
Posts: 4
Joined: 18.01.2009




There is a news web site that I go to everyday. When I go to the main site I get a warning from Kaspersky and this is what shows in the reports.

1/16/2009 8:15:27 AM hxxp://content.worldnow.com/global/interface/linksplus/linksplusbridge.js Internet Explorer Detected: HEUR:Trojan.Script.Iframer

Kaspersky is denying the trojan. Is this something I need to let their webmaster know about? I know a great deal of people look at this site all day long.

edit: live link made not.


This post has been edited by richbuff: 18.01.2009 08:28
Go to the top of the page
 
+Quote Post
ctzifbn
post 18.01.2009 10:44
Post #10


Newbie
*

Group: Members
Posts: 2
Joined: 18.01.2009




I now can not get to a part of the web site I visit everyday hxxp://www.nano10.co.il

It does not allow me to view the live broadcast. I get domain/JScript/www.js and something about IFrame.

What can I do to be able to access this or is there really a virus I need to notify the web master

18-Jan-09 8:40:55 hxxp://www.nana10.co.il/JScript/www.js C:\Program Files\INTERNET EXPLORER\ IEXPLORE.EXE 5464 "C:\Program Files\Internet Explorer\iexplore.exe" Detected Virus HEUR:Trojan.Script.Iframer High Probably


Thanks

Paul

edit: live links made not.

This post has been edited by richbuff: 18.01.2009 10:52
Go to the top of the page
 
+Quote Post
richbuff
post 18.01.2009 11:00
Post #11


Are You Kidding?
*****************

Group: Global moderators

Posts: 1000473
Joined: 14.06.2007




Welcome. A new heuristic detection mechanism for malicious scripts was released, so there may be false positives and/or increased detection. Please send such to the Lab, instructions located in third Important pinned topic at top of this forum page; instead of posting live, possibly questionable links on the forum.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
Baz^^
post 19.01.2009 15:43
Post #12


Wrestling Champion
**************

Group: Gold beta testers
Posts: 8799
Joined: 10.03.2007




QUOTE(ctzifbn @ 18.01.2009 06:44) *
I now can not get to a part of the web site I visit everyday hxxp://www.nano10.co.il

It does not allow me to view the live broadcast. I get domain/JScript/www.js and something about IFrame.

What can I do to be able to access this or is there really a virus I need to notify the web master

18-Jan-09 8:40:55 hxxp://www.nana10.co.il/JScript/www.js C:\Program Files\INTERNET EXPLORER\ IEXPLORE.EXE 5464 "C:\Program Files\Internet Explorer\iexplore.exe" Detected Virus HEUR:Trojan.Script.Iframer High Probably


Thanks

Paul

edit: live links made not.


Hi,




It was a false positive, now fixed.



--------------------
Kind Regards,

Baz
Go to the top of the page
 
+Quote Post
Erasmus
post 20.01.2009 18:25
Post #13


Newbie
*

Group: Members
Posts: 5
Joined: 29.08.2008




QUOTE(Baz^^ @ 19.01.2009 06:43) *
Hi,
It was a false positive, now fixed.



I just received the message too. Detected: HEUR:Trojan.Script.Iframer
Go to the top of the page
 
+Quote Post
X_NRG
post 23.01.2009 13:44
Post #14


Newbie
*

Group: Members
Posts: 2
Joined: 23.01.2009




Hi. I just got a "HEUR:Trojan.Script.Iframer" warning message from KIS 9 when trying to access a website that I go to every day.
The website is www.katehizis.com.
Could you, please, check out if this is a false alarm or not? smile.gif

This post has been edited by Lucian Bara: 23.01.2009 13:49
Go to the top of the page
 
+Quote Post
Lucian Bara
post 23.01.2009 13:50
Post #15


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




there's an obfuscated script on the page, so doesn't seem so.
Go to the top of the page
 
+Quote Post
X_NRG
post 23.01.2009 15:54
Post #16


Newbie
*

Group: Members
Posts: 2
Joined: 23.01.2009




Thank you! beer.gif
Go to the top of the page
 
+Quote Post
jondm1
post 25.01.2009 13:27
Post #17


Member
**

Group: Members
Posts: 42
Joined: 31.07.2007




I can no longer get to due to KIS2009 blocking the page due to trojan.script.iframer. Is this a false positive, as I could get to the page a few days ago?

This post has been edited by Lucian Bara: 25.01.2009 13:32
Go to the top of the page
 
+Quote Post
Lucian Bara
post 25.01.2009 13:31
Post #18


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




no,
Attached File  1.png ( 7,77K ) Number of downloads: 136

this code loads an iframe which leads to some porn site (possibly to malware)
Go to the top of the page
 
+Quote Post
jondm1
post 25.01.2009 14:06
Post #19


Member
**

Group: Members
Posts: 42
Joined: 31.07.2007




Thanks Lucian - just looked at it and found some dodgy javascript code. I won't put it on here but code to write a 1x1 invisible iframe pointing to a dodgy site is not good.
Go to the top of the page
 
+Quote Post
Eoin
post 16.02.2009 18:33
Post #20


Newbie
*

Group: Members
Posts: 2
Joined: 16.02.2009




Hello, I am experiencing the exact same problem also with my site www.binarynotions.com It's built on Wordpress using only plug ins hosted on their site. One of them could well be at fault but I don't know enough to investigate. Any advice would be much appreciated smile.gif

This post has been edited by Lucian Bara: 16.02.2009 18:44
Go to the top of the page
 
+Quote Post

2 Pages V   1 2 >
Closed TopicStart new topic

 



Lo-Fi Version Time is now: 26.11.2014 20:09