Greetings to the forum.
The other day I was doing an image search on Google, and as I clicked on one of the images listed in the search, Avast issued a warning that “HTML:Iframe-inf” had been found in a number of links. I was reading that these infections should be reported about here, so I thought of adding my post.
The link to the image I clicked on is the following:
hxxp://images.google.pt/imgres?imgurl=hxxp://i234.photobucket.com/albums/ee29/tony1888/ants%252001/nescafewb4.jpg&imgrefurl=hxxp://21-albums-daily.blogspot.com/2008_05_01_archive.html&usg=__QGdtSgHJJiBe5DY-1Siefzl4pUY=&h=350&w=348&sz=50&hl=pt-PT&start=5&um=1&tbnid=vMMQRQUngTopmM:&tbnh=120&tbnw=119&prev=/images%3Fq%3Droxette%2Bmilk%2Band%2Btoast%2Band%2Bhoney%2Bcd%2Bcover%26imgsz%3Dm%26imgtbs%3Dz%26hl%3Dpt-PT%26sa%3DG%26um%3D1
And Avast’s warning was as follows:
16-11-2009 2:04:54 1258337094 SYSTEM 1432 Sign of "HTML:Iframe-inf" has been found in "hxxp://pixhost.eu/avaxhome/avaxhome/2008-05-30/coverucnoktaqk9_341.jpg\{gzip}" file. 16-11-2009 2:04:58 1258337098 SYSTEM 1432 Sign of "HTML:Iframe-inf" has been found in "hxxp://pixhost.eu/avaxhome/avaxhome/2008-05-30/inine_.jpg\{gzip}" file. 16-11-2009 2:05:35 1258337135 SYSTEM 1432 Sign of "HTML:Iframe-inf" has been found in "hxxp://pixhost.eu/avaxhome/avaxhome/2008-05-30/Ashanti_X_The_Declaration.jpg\{gzip}" file. 16-11-2009 2:05:39 1258337139 SYSTEM 1432 Sign of "HTML:Iframe-inf" has been found in "hxxp://pixhost.eu/avaxhome/avaxhome/2008-05-30/KungFuPanda_777.jpg\{gzip}" file. 16-11-2009 2:05:41 1258337141 SYSTEM 1432 Sign of "HTML:Iframe-inf" has been found in "hxxp://pixhost.eu/avaxhome/avaxhome/2008-05-26/velvetbarucnoktapl7_871.jpg\{gzip}" file. 16-11-2009 2:05:43 1258337143 SYSTEM 1432 Sign of "HTML:Iframe-inf" has been found in "hxxp://pixhost.eu/avaxhome/avaxhome/2008-05-27/boxucnoktacz1_348.jpg\{gzip}" file. 16-11-2009 2:05:43 1258337143 SYSTEM 1432 Sign of "HTML:Iframe-inf" has been found in "hxxp://pixhost.eu/avaxhome/avaxhome/2008-05-27/40537482cdf5_177.jpg\{gzip}" file.
Promptly I chose “abort connection” to each warning and exited that Google image search page I was at. (Further I exited Firefox all along and cleaned its cache.)
I got somewhat in doubt, then, though… Hmm… As far as I can understand, from what I’ve been reading here in the forum, getting this warning while browsing does not imply that one’s computer got infected, as Avast actually prevents such iframe infections from reaching one’s computer if connection to the infected website is duly aborted, correct? Or in other words, one is safe from any such eventual infection, since Avast preventively blocks the connection to the infected website, thus, as long as one doesn’t allow the connection to be made, no harm is nor can be done to the local computer, right? As I say, this is how I understand it, yet I just kinda need to ear it “loud and clear” from the experts mouths, so to speak, (also so that I don’t panic any next time I eventually run into any such warning from Avast), thus thanks for any additional clarification…
To be on the safe side anyway, after getting those warnings, I already ran full thorough scans, both with the on-demand scanners we have installed (Avast + Malwarebytes Anti-Malware + SUPERAntiSpyware + Spybot) as well as a number of additional online scanners (ESET + Kaspersky + F-Secure + BitDefender + Dr.Web) and all came back clean. So I believe there’s in the end no reason for me to worry, or?..
Thanks in advance for your time.