Iframe inf blocked

Hi, I wonder if anyone can help. I’m using my laptop on my parents’ wireless network. I’m getting malware blocked (Iframe inf) warnings on every other site I visit, including this one, which seems odd. My parents’ laptop is connected via a powerline connection downstairs, and gets the same warnings. We both have the current free version of Avast. The main PC, which hardly gets used, is not showing any of these warnings. I’ve scanned it with Avast, Spybot, Malwarebytes and it’s totally clean, apart from the odd cookie. I deleted the cookies on it yesterday and the malware blocked pop ups on both laptops stopped. Today it has started again, without the main PC being used.

Any ideas? I’m aware the Iframe inf attempts are being blocked, but they are flippin annoying. :slight_smile:

Cheers

Can you post a screenshot of the Avast warning?

Hi, I’ve done a screenshot of this page. Hope this helps.

http://i53.tinypic.com/5b9vf9.jpg

Is this always on the google-analytics.com/ga.js reported in your image?

If you do a forum search for google-analytics.com/ga.js you should find at least one other topic related to this, and if I remember rightly it is some sort of DNS redirection, etc., which seems to differ depending on where in the world you are.

The simplest way to clear Google analytics. However, if all computers are experiencing this then you may have a compromised router. Do you experience this when you do not use their router?

Please go to the following file C:\Windows\System32\drivers\etc\hosts
Right click the file and select open with
Select notepad from the options and remove the tick from always use this programme to open this type of file
Copy and paste the following bolded text into this file (anywhere will do)
Save and exit

# [Google Inc]
127.0.0.1 www.google-analytics.com

Hi blimdog,

What could help here is that you do a scan here: http://n4.netalyzr.icsi.berkeley.edu/
Post the results of the scan as an attached txt file to your next posting.

Probably essexboy can get a better picture of your connection issues from that particular scan report,
click start analysis, see attached picture…

Hi

Cheers for the replies guys.

The problem is only an issue at my parents’ house. I have a feeling the issue is with the router and not the two laptops. I have done the scan as requested and will post the results once I have worked out how to do it. I’m not au fait with all the functions of the board, so please bear with me. This appears to be exactly the same issue as I have seen on the other ‘false positives’ thread, same IP addresses, google-analytics etc…

http://forum.avast.com/index.php?topic=74637.15

Time is not a problem - and tea time doubly so ;D

Yes but that wasn’t an FP as kubecj the Virus Labs boss relates starting in Reply #27 onwards.

Hi blimdog,

You can attach the result page url with id (as I gave it, with a space next to //) to your next posting, essexboy can look that up, it is not visible to users not logged in, and you can untag it after it has been downloaded by us once,

link would be somewhat like http:// n4.netalyzr.icsi.berkeley.edu/summary/id=8 digits-4 digits-etc.-etc.,

polonus

I agree, I found the link after I started this topic.

http://n1.netalyzr.icsi.berkeley.edu/summary/id=43ca253f-28960-073a4649-9756-44c2-a251#DNSLookup
Hope it helps, cheers

Hi blimdog,

Got that id, so moderate the posting and take the link off now. Well essexboy has it also as I PM-ed the link to him.
Seems there was a “man in the middle attack performed on the browser”. Essexboy has some more indications as to what malware to look for. He will instruct you what further to do. I think of a trojan like maybe “Bancos” or a bot like “Spy-eye”,
Thanks for giving the link, this will also help others in similar situations,

polonus

Thanks guys

I just got home and tried the pages that were getting the malware alerts, and no problems my end. My parents still have the problem, so I would imagine the problem is located somewhere on their connection.

Cheers. I’ll pass on any info you can give.

That would suggest a router infection at their end

Reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled “reset” located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

Also get them to run Malwarebytes on their computer

Please download Malwarebytes’ Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Ok mate. I thought it might be that, but wasn’t sure if a simple reset would solve it. Will do, and thanks for the help, much appreciated :wink:

Also change the router password from admin as all malware writers know that one ;D