HTML:iframe-inf infection (logs added)

Hello all,

I have a problem similar to one discussed two years ago (https://forum.avast.com/index.php?topic=165280.0). In my case though it’s not the navigator that’s being attacked, but my torrent client (qBittorrent). Update: Chrome was induced to spontaneously open a suspect URL too, but only once.

Actually, I think the infection took place through a website and now it’s trying to process something through my torrent client.

Anyway, Avast notices HTML:iframe-inf infection when qBittorrent is running, but cannot find any threat while scanning.

MBAM’s scan identified nothing either. However, as it’s now installed, it took the place of Avast in notifying me something is wrong when I run qBittorrent (I added a log generated by it too).

Neither did FRST.

ASWMBR did find something. While it is scanning, even in safe mode without internet connection, it shows:
Service ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys LOCKED
After some seconds, Windows shows a blue screen. It says that aswmbr.sys has failed.

Could someone please help me?
Thank you in advance

Anyway, Avast notices HTML:iframe-inf infection when qBittorrent is running, but cannot find any threat in its scanning.
Because the infection is located on the URL that your torrent program is connecting to.

What does the Avast message say (all info)? You may post a screenshot.

The requested screenshot is attached.

Yesterday Avast blocked an attempt to connect to a URL not through qBittorrent, but through Chrome. Unfortunately I didn’t take a screenshot at the moment.

URL blacklist check
https://www.virustotal.com/#/url/b322eb6d691c7c91dc94e2f5319a5b56719f60d2322001a517a7886521fd354e/detection

file check
https://www.virustotal.com/#/file/5ab44f257a83c18ca426028e0bf03b9bf2c194c0138c5c704f018cec98bd7650/detection

Well, file check detected a Trojan, so it is not a false positive, right?

Is there something I can do? I’m not trying to access these URLs, something in my computer is generating a command to do it.

something in my computer is generating a command to do it
As your screenshot says ... your torrent program

Risk info >> http://www.informationsecuritybuzz.com/articles/torrenting-know-risks-take/

I think this is not the case. As I’ve already said, Chrome was induced to do it too.

Same URL?
Same detection?

Same detection (HTML:iframe-inf) but on another URL, which I didn’t take note of.

A malware expert is notified and will check your attached logs. It may take hours before he is online.

Iframe info >> https://www.theguardian.com/technology/2008/apr/03/security.google
Iframe info >> https://en.m.wikipedia.org/wiki/Iframe_virus

Thank you

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy the text from the code block below and paste it into Notepad
cmd: type C:\IORRT\IORRT.bat
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click on the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Thank you, it did work! I put qBittorrent to run and it’s working fine.

I didn’t do anything. I only checked the file, which turns out to be an MS Office activator. In qBittorrent, find the blocked URL in the trackers and remove it from the tracker list.

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
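
The advice earlier in the thread, to find the blocked URL among the trackers and remove it, can also be checked from the .torrent file itself. The following is an added example, not code from any poster or tool in this thread: it decodes a torrent's bencoded metadata, lists its tracker URLs, and flags those whose host matches one an antivirus alert reported. The function names, the sample torrent and the hosts are constructed for illustration.

```python
from urllib.parse import urlparse

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):  # list, or dictionary as alternating key/value
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)  # truncated input raises ValueError
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[::2], items[1::2])), i + 1
    if c.isdigit():  # byte string: <length>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("string runs past end of data")
        return data[colon + 1:end], end
    raise ValueError(f"invalid bencode at offset {i}")

def tracker_urls(torrent_bytes):
    """Return unique tracker URLs from 'announce' and 'announce-list', in order."""
    meta, _ = bdecode(torrent_bytes)
    if not isinstance(meta, dict):
        raise ValueError("top-level value is not a dictionary")
    raw = [meta[b"announce"]] if b"announce" in meta else []
    for tier in meta.get(b"announce-list", []):
        raw.extend(tier)
    urls = [u.decode("utf-8", "replace") for u in raw]
    return list(dict.fromkeys(urls))

def flag_blocked(urls, blocked_hosts):
    """Return the URLs whose host is in blocked_hosts (case-insensitive)."""
    blocked = {h.lower() for h in blocked_hosts}
    return [u for u in urls if (urlparse(u).hostname or "").lower() in blocked]

# Constructed sample torrent; hosts are placeholders, not the ones in this thread.
def _s(b): return str(len(b)).encode() + b":" + b
GOOD, BAD = b"http://tracker.example.org/announce", b"udp://blocked.example.net:6969/announce"
SAMPLE = (b"d" + _s(b"announce") + _s(GOOD) + _s(b"announce-list") + b"ll" + _s(GOOD)
          + b"el" + _s(BAD) + b"ee" + _s(b"info") + b"d" + _s(b"name") + _s(b"demo") + b"ee")

if __name__ == "__main__":
    for url in flag_blocked(tracker_urls(SAMPLE), ["blocked.example.net"]):
        print("remove from tracker list:", url)
```

This only covers trackers stored in the .torrent file; trackers added inside the client afterwards are not in the file and still have to be checked in the client's tracker list.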