HTML: Iframe-inf

Some of our clients with Avast software have been complaining about this HTML: Iframe-inf malware.

They sent us screenshots so that we can see these errors for ourselves.

Is there anything to worry about on our site (www.sonicinformed.co.za)?

There is no client side javascript or Iframes on it?

Kind Regards
Henno

Please ‘modify’ your post and change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

Well, I have just visited the site using Firefox and no alert (takes forever to load on dial-up, very media heavy). Also just loaded it in Avant browser, an IE clone, and again no alert. So what is the specific page that is being alerted on (nothing on the home page and on dial-up I can’t go rummaging)?

I didn’t see anything on the main page either. Perhaps one of your sub-pages?

Uploading the screenshot from one of your customers might be beneficial as well.

It was on the home page!

I have attached the Error screen from our clients!

This is what Google Safe Browsing has to say about sonicinformed.com

http://www.google.com/safebrowsing/diagnostic?site=sonicinformed.com

what say?

edit :

Malicious software includes 4 trojan(s).

Malicious software is hosted on 1 domain(s), including xg9.ru

Hmm… My VPS version is: 090806-0

Maybe they have included it in the new VPS database. Or, maybe you got rid of whatever Avast was complaining about.

That is not the link you posted before

6 Iframes, linking to malicious domains. They are also redirecting to a non-standard port 8080, possibly to avoid scanning…
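A site owner can look for the pattern described in this reply (iframes pointing off-site, on a port such as 8080) in their own pages. The script below is an added example and not part of the original thread; the host names and the sample HTML are constructed, and the hidden-frame check goes beyond what the thread mentions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample page: one legitimate frame, one injected-looking frame.
SAMPLE = """<html><body>
<iframe src="http://www.site.example/player.html" width="480" height="270"></iframe>
<iframe src="http://injected.example:8080/index.php" width="1" height="1" style="visibility: hidden"></iframe>
</body></html>"""

class IframeAudit(HTMLParser):
    """Collect each <iframe> src together with the reasons it looks injected."""

    def __init__(self, site_hosts):
        super().__init__()
        self.site_hosts = {h.lower() for h in site_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        try:
            url = urlsplit(src)
            host, port = (url.hostname or "").lower(), url.port
        except ValueError:  # bad port or bracketed host
            self.findings.append((src, ["unparseable src"]))
            return
        reasons = []
        if host and host not in self.site_hosts:
            reasons.append("off-site host")
        if port is not None and port != DEFAULT_PORTS.get(url.scheme):
            reasons.append("non-standard port %d" % port)
        style = a.get("style", "").replace(" ", "").lower()
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or "display:none" in style or "visibility:hidden" in style):
            reasons.append("hidden from the visitor")
        if reasons:
            self.findings.append((src, reasons))

def audit(html, site_hosts):
    """Return [(src, [reasons])] for every suspicious iframe in html."""
    parser = IframeAudit(site_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for src, reasons in audit(SAMPLE, {"www.site.example"}):
        print(src, "->", ", ".join(reasons))
```

Pass every host name the site legitimately serves content from in `site_hosts`, otherwise its own frames are reported as off-site.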

oh, sonicinformed.com

Yeah, that’s popping up warnings.

Thank you everyone for helping with this problem.

We will sort out the .com server.

Both co.za and .com sites redirect to the co.za domain but some of the images are on the .com domain.

One more thing.

Great job Avast for picking this up. ;D

really? did not get any?

You won’t have as it wasn’t the URL that was initially given that was infected, which is why we asked for a specific URL (that in the image) which has been hacked.

Personally I would suggest that you stay away from suspect sites, unless you are more experienced (than I believe you are) and are prepared to get infected and having been infected be able to put things back as they were before infection.

I went to F-Secure.com to scan my PC using IE8. While the files the scanner was downloading to the Local Settings\Temp folder were 93% complete… Avast! alerted me of a 61860 byte file. The file name was jpeg.xmd. Avast! flagged it as containing signs of an HTML:IFrame-inf.

Since I was not sure if it was a false positive or if F-Secure's servers were hacked to serve malware, I immediately halted the downloading process at 93%, confused if the actual files were actual malware signatures or that, like Spybot S&D, sometimes malware signatures turn up false positives.

Feeling as paranoid as I was, I promptly erased the subdirectories and files under the Local Settings\Temp folder. The name of the folders under Temp folder are Online Scanner\updates\0\infopack_fswserver.f-secure.com_80_377428708.

I erased the files by deleting them to the recycle bin and ran CCleaner with the 3 passes algorithm.
This folder was where Avast! found the file “infopack_fswserver.f-secure.com_80_377428708”.

Anyone know if this is a false positive or that the file is indeed malicious?

An issue I would like to report (I sincerely apologize for including it in this topic since I am new to posting) is that Avast! hangs at a folder:

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95. This was since 2 months ago or so. I think it only happens when performing a thorough scan. I perform the Thorough scan just in case there are packed and obfuscated viruses on disc.

Avast! is awesome! thanks everyone!