HTML:Iframe-inf infection

I just got my computer re-imaged and I’m getting a ‘malware blocked’ pop-up from avast! on several webpages I visit, and it always shows that the infection is HTML:Iframe-inf.

On most pages, the object is related to ads or to google-analytics. A good example of where this happens is the one in the “Logs to assist in cleaning malware” topic. When I clicked on the first link to download MBAM, the infection pop-up appeared (screenshot attached).

One other symptom is that some pages are not loaded. For example, when I searched for “avast blocking http://www.google-analytics.com/ga.js”, the first search result was a page on productforums.google.com and I could not open that page. It gives me a 404 Not Found error and below that it says “nginx/1.2.6”.

I’ve gone through the topics below, but could not find a fix for this annoying issue:
http://forum.avast.com/index.php?topic=74637.0
http://forum.avast.com/index.php?topic=93641.0

What I’ve tried so far is the following:

  • Did an nslookup to find out where google-analytics.com was pointing to
  • Found out that it was an IP in Google's range, so there should be no problem with my DNS (I'm using OpenDNS)
  • I renamed the hosts file in drivers\etc and created a new default one, but it didn’t help

Any help is much appreciated. Log files are attached (OTL didn’t fit and zips are not allowed, so it was not attached).
Thanks, regards.

“A good example of where this happens is the one in the [b]"Logs to assist in cleaning malware"[/b] topic.”
and from there we need the OTL log

“OTL didn’t fit and zips are not allowed, so it was not attached”

…but let’s be smarter than that: I’ve split the OTL log and attached it here (OTL_1 and OTL_2)

enjoy and thanks :)

Update: I’m not able to upload the OTL log right now (internet connection issues or forum response too slow) and I will be out for the weekend. I’ll post the OTL as soon as possible and will follow any troubleshooting steps on Monday.

“Update: I'm not able to upload the OTL log right now (internet connection issues or forum response too slow) and I will be out for the weekend. I'll post the OTL as soon as possible and will follow any troubleshooting steps on Monday.”
do as everyone else does here.... [b]attach[/b] (not copy and paste) OTL.txt .....and no zip

Who would try to copy and paste the contents of the OTL.txt log instead of uploading the actual file? It doesn’t make any sense…

But whatever. I did try to attach the file (I used the word upload on my post) but it was too big. The maximum size allowed on this forum is 512kb and my OTL.txt file has more than 800kb. When I tried to split the file into two and attach/upload both parts as OTL_1.txt and OTL_2.txt my connection to the forum was pretty bad and the upload never finished. I will attach/upload the files later on.
Regards.

OTL log, part 1

OTL log, part 2

“Who would try to copy and paste the contents of the OTL.txt log instead of uploading the actual file? It doesn't make any sense...”
many ;) that's why we repeat .....attach in bold every time

and this is the first time I have seen an OTL log that does not fit the 512kb. usually we get all 4 logs from that guide in one post

anyway, malware removers are notified, check back tomorrow

It looks like they are all related to GA, so could you follow the steps here http://www.flatmaterooms.co.uk/blog/permanently-disable-google-analytics to amend your Host file.
Let me know if that cures it.

Yesterday and today I didn’t receive the avast notification about blocked malware. I visited some of the pages which I remember were showing as being infected and nothing appears now.

I think it must’ve been something related to the virus definitions on avast. Before posting on the forum I had updated avast, it was showing as updated and the blocked malware message was still there. But at the beginning of this week I received a notification that the virus definitions had been updated in avast and voilà, I have not received the notification anymore.

I disabled google-analytics anyways by changing the hosts file information, just in case.
As of now, everything seems to be working normally again.

Thanks a lot.

Run OTL and press cleanup to remove it and its associated files :)

LOL, that will not be needed…

…my computer crashed again and I was unable to repair Windows :-\ … I’m formatting it again right now. It’s a pretty old machine, but it had been working well until the last two weeks (I’m also pretty sure that the crash had nothing to do with viruses or something like that).

I’ll install Fedora on it and see what happens. I still have my laptop running Win7 whenever needed.

Thanks y’all for your help.