html iframe gen ....need help

Hi all … quite simply, every time I open a web page, avast warns me I have a trojan, something to do with html iframe gen. Initially it shows up in a file, then it shows up in the temp internet files. I have tried everything to get rid of this warning, including the following:
full system scan … no good
boot scan … no good …
delete temp internet files, then scan.
memory scans and countless other pointless exercises
How do I get rid of this from my computer? I only have a very limited knowledge of computer things, so try not to confuse me … thanks

Close every IE window and use Microsoft's Disk Cleanup Tool http://support.microsoft.com/?scid=kb%3Ben-us%3B315246&x=7&y=12 and let it clean everything (without Compress Old Files).

See if this will get rid of the problem.

Hi, no, that didn't work either ???

Please use Mbam http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html, let it scan your PC and post the created report.

Hi, yes, I run that program anyway. It did find 5 problems, and after deleting them and rebooting, the trojans re-appeared as before. I will run it again and post the logs for you.

I have found that as soon as I boot up the computer a warning comes up that I have:
                    win32 tiny tm     trojan appearing in the windows temp file.

Even if I delete it, it keeps appearing. Even after a boot scan it has reappeared.

If I ignore it and open a web page, then another warning comes up saying I have
html iframe gen trojan. Even if I delete it and open web pages I get the same alert about iframes.

Okay, please use Combofix and post the result. You do not need to install the Recovery Console. Be sure to disable all AV/AS guards while using it.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Hi, here is the log from the combofix

If it means anything, the warning about the tiny tm trojan only appears when I connect to the internet. When disconnected it doesn't appear …

That doesn't look good. Please test these files at virustotal.com and post the whole results or the link to the results:

D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\7.tmp

Hi, all very interesting I think :P

Here are the results

http://www.virustotal.com/analisis/0201704da56b5b509e49a7d49f5b1e46

http://www.virustotal.com/analisis/b8b00241d2ff6272c913b5cb634f0fdc

http://www.virustotal.com/analisis/35ad8789334da0ba0fece6421c18b4fc

There do appear to be more nasty files (as I assume you have seen) … but can I get back to normal …??
Cheers

Whilst I’m not familiar with the combofix log, this one seems strange to me.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe

So I would also suggest uploading g:\setup.exe to virus total.
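Entries like the one quoted above can be listed for every drive the profile has seen. This is an added example, not part of the original thread: it only reads the registry, assumes PowerShell 3.0 or later is available, and the function name `Get-MountPointCommand` is made up for the illustration.

```powershell
# Added example: read-only listing of shell commands cached under MountPoints2
# for the current user. Nothing is deleted or changed.
$base    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$pattern = '\\MountPoints2\\(?<mount>[^\\]+)\\Shell\\(?<verb>[^\\]+)\\command$'

function Get-MountPointCommand {
    if (-not (Test-Path -Path $base)) { return }
    Get-ChildItem -Path $base -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -match is case-insensitive, so a key logged as
            # "mountpoints2\G\Shell\AutoRun\command" matches as well.
            if ($_.Name -match $pattern) {
                $command = $_.GetValue('')   # default value = command line stored for this verb
                if ($command) {
                    [pscustomobject]@{
                        MountPoint = $Matches['mount']   # drive letter, volume GUID or share
                        Verb       = $Matches['verb']    # AutoRun, open, explore, ...
                        Command    = $command
                        KeyPath    = $_.Name
                    }
                }
            }
        }
}

$entries = @(Get-MountPointCommand)
if ($entries.Count -eq 0) {
    Write-Output 'No shell commands recorded under MountPoints2.'
} else {
    # Each Command names a file worth checking before the drive is trusted.
    $entries | Sort-Object MountPoint, Verb |
        Format-List MountPoint, Verb, Command, KeyPath
}
```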

Yes, malware often gets started by these entries, but if a system is infected with a virus (Virut variant) I would prefer backing up data and formatting. It is important to check all external drives to rule out that they are infected too!

If you want, you can scan your PC using Dr.Web CureIt http://freedrweb.com/

Do not connect any external drive to this PC as long as it is infected, otherwise the (PE) exe files will become infected too, even if you only want to scan them with drweb or avast.

Here is the result for the scan of setup.exe

http://www.virustotal.com/analisis/dd0c3ed281603a68bc64f5fca50d9513

Yes, I noticed from the VT results that some of the detections were Virut, and that isn't too good as it can be pretty destructive. If CureIt can be run, it is perhaps the only one I know of that might be effective, more so if it can be run from safe mode.

Hi, I ran drweb and it looks like Windows has been wiped out, as it won't boot up now … guess I will reinstall now … :o