AmyMc

HEUR: TROJAN.Script.Iframer

30 posts in this topic

KAS just detected this virus a few minutes ago and when KAS asked if I wanted to Quarenteen, I obviously did what was "recommended". Trying to find it in KAS Virus List pages.....the list cannot be found! Any suggestions? (ASAP Please!!!)

Share this post


Link to post
Share on other sites

Hi,

 

What exactly are you looking for?

 

It's a heuristic detection of suspicious scripts....where was it detected?

Share this post


Link to post
Share on other sites
Hi,

 

What exactly are you looking for?

 

It's a heuristic detection of suspicious scripts....where was it detected?

 

 

I just copied this from the Reports page.....btw....I am not very computer friendly! (learning, but slowly)

 

1/17/2009 4:07:14 PM C:\Documents and Settings\Hello\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SQJIA7CS\415734[1].htm Internet Explorer Detected: HEUR:Trojan.Script.Iframer

 

Share this post


Link to post
Share on other sites

That is something that you accessed on the internet and stored in your temporary internet files... go ahead and delete it to be safe.

Share this post


Link to post
Share on other sites
That is something that you accessed on the internet and stored in your temporary internet files... go ahead and delete it to be safe.

 

 

Strange...I had only just turned on the PC, turned on Hotmail and then the warnings popped up. So, it's quaranteened right now....I can just delete it and all will be good? The report in KIS says that there are "5 Virus and 4 Malware". This stuff just really confuses me. LOL

Share this post


Link to post
Share on other sites
Strange...I had only just turned on the PC, turned on Hotmail and then the warnings popped up. So, it's quaranteened right now....I can just delete it and all will be good? The report in KIS says that there are "5 Virus and 4 Malware". This stuff just really confuses me. LOL

 

 

I just ran into the same message, but KIS 2009 blocked it.

Share this post


Link to post
Share on other sites

I also received a notice, its similar but not in a temp file like the other one posted. I am also computer ignorant. What should I do with

 

HEUR:Trojan.script.Iframer C:\ Documents and settings\ local settings\ application\ DATA \Mozilla\ Firefox\ Profiles\ i9iw12hx.default\ Cache\ 8FDD4639d01

 

I quarantined it, now what do I do?

Share this post


Link to post
Share on other sites

There is a news web site that I go to everyday. When I go to the main site I get a warning from Kaspersky and this is what shows in the reports.

 

1/16/2009 8:15:27 AM hxxp://content.worldnow.com/global/interface/linksplus/linksplusbridge.js Internet Explorer Detected: HEUR:Trojan.Script.Iframer

 

Kaspersky is denying the trojan. Is this something I need to let their webmaster know about? I know a great deal of people look at this site all day long.

edit: live link made not.

Edited by richbuff

Share this post


Link to post
Share on other sites

I now can not get to a part of the web site I visit everyday hxxp://www.nano10.co.il

 

It does not allow me to view the live broadcast. I get domain/JScript/www.js and something about IFrame.

 

What can I do to be able to access this or is there really a virus I need to notify the web master

 

18-Jan-09 8:40:55 hxxp://www.nana10.co.il/JScript/www.js C:\Program Files\INTERNET EXPLORER\ IEXPLORE.EXE 5464 "C:\Program Files\Internet Explorer\iexplore.exe" Detected Virus HEUR:Trojan.Script.Iframer High Probably

 

 

Thanks

 

Paul

 

edit: live links made not.

Edited by richbuff

Share this post


Link to post
Share on other sites

Welcome. A new heuristic detection mechanism for malicious scripts was released, so there may be false positives and/or increased detection. Please send such to the Lab, instructions located in third Important pinned topic at top of this forum page; instead of posting live, possibly questionable links on the forum.

Share this post


Link to post
Share on other sites
I now can not get to a part of the web site I visit everyday hxxp://www.nano10.co.il

 

It does not allow me to view the live broadcast. I get domain/JScript/www.js and something about IFrame.

 

What can I do to be able to access this or is there really a virus I need to notify the web master

 

18-Jan-09 8:40:55 hxxp://www.nana10.co.il/JScript/www.js C:\Program Files\INTERNET EXPLORER\ IEXPLORE.EXE 5464 "C:\Program Files\Internet Explorer\iexplore.exe" Detected Virus HEUR:Trojan.Script.Iframer High Probably

 

 

Thanks

 

Paul

 

edit: live links made not.

 

Hi,

 

 

 

 

It was a false positive, now fixed.

 

 

Share this post


Link to post
Share on other sites
Hi,

It was a false positive, now fixed.

 

 

I just received the message too. Detected: HEUR:Trojan.Script.Iframer

 

Share this post


Link to post
Share on other sites

Hi. I just got a "HEUR:Trojan.Script.Iframer" warning message from KIS 9 when trying to access a website that I go to every day.

The website is

www.katehizis.com

.

Could you, please, check out if this is a false alarm or not? :)

Edited by Lucian Bara

Share this post


Link to post
Share on other sites

there's an obfuscated script on the page, so doesn't seem so.

Share this post


Link to post
Share on other sites

I can no longer get to due to KIS2009 blocking the page due to trojan.script.iframer. Is this a false positive, as I could get to the page a few days ago?

Edited by Lucian Bara

Share this post


Link to post
Share on other sites

no,

post-7989-1232875882_thumb.png

this code loads an iframe which leads to some porn site (possibly to malware)

Share this post


Link to post
Share on other sites

Thanks Lucian - just looked at it and found some dodgy javascript code. I won't put it on here but code to write a 1x1 invisible iframe pointing to a dodgy site is not good.

Share this post


Link to post
Share on other sites

Hello, I am experiencing the exact same problem also with my site

www.binarynotions.com

It's built on Wordpress using only plug ins hosted on their site. One of them could well be at fault but I don't know enough to investigate. Any advice would be much appreciated :)

Edited by Lucian Bara

Share this post


Link to post
Share on other sites

Hello, Thank you. The site seems to have been compromised since the last update. I appreciate your speedy response :)

Share this post


Link to post
Share on other sites

yes,first thing in the page source s a malicious script

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.