I am a newbie to fighting malware and viruses, and I’ve just heard about the iframe malware. I am not sure if I’ve got it in my computer, but there is an extra network being connected whenever I am online. I do not have this network until this week. The name of the network cannot be changed, and I cannot delete it off somehow.
…
I am currently using avast! antivirus free version, will it detect malware whenever I visit any of the internet websites? So far, I have not received any malware / virus warnings regarding the websites I’ve visited.
-= I guess it wont hurt to try to have a scan with avast… or extend your security by scanning with Malwarebytes too… A Hijack This Log may also help us get a better overview of the problem…
The iframe malware is inserted into web pages that are generally on-line not your system.
This looks like you read an avast iNews message and it is because there is a huge increase in this method of attack. So what you might have previously though to be a safe/good site could just as easily be hacked. All it is doing is to make you aware of it and not to take things for granted.
Fortunately avast’s web shield is very good at detecting these hacked sites, were a small piece of code is inserted into legit pages. This code tries to redirect you to another site or run malware from another site.
So in the future you may well start getting these avast web shield detections, so you will have a better idea of why you are getting it/them.
Thank you for the clarification. I posted my HJT log yesterday but it seems it is not here. This is my HJT log file on 03 May 2009 (my country’s time):-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:19 PM, on 3/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
I’m sorry to post again, but I was just wondering: If any link (excluding search results in search engines) containing the word “iframe”, is it safe for us to use it? Because there is one when I was using one of the apps in Facebook (Please see the attached picture, the line at the bottom of the pic “Waiting for http…”).
-= We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
-= R3 - URLSearchHook: (no name) - - (no file)
could possibly be one of the cause of weird networks connecting when you are online…
this has been classified as bad…
-= O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
this is already deactivated & can be fixed…
-= O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
this is already deactivated & can be fixed…
-= O4 - HKLM..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
Spyware… A part of DownloadWare located in Program FilesKFH…
It may not be bad at all, because launcher.exe is also the name of the file you get on your desktop as you download DrWebCureIT, the non-resident free scanner made by DrWeb, but it could be something else, re: http://www.threatexpert.com/files/launcher.exe.html
So I propose a upload to virustotal.com to make certain about the file on that machine being legit or fraudulent, by the way what was the website with the malcoded iFrame on it, you can mention it like: hxtp://www.malcoded-frame.org for instance, so the curious won’t click it and get infected,
It means its not a virus, only 2 programs picked it 2/39. Also the two AV’s that found it are unknown to me.If it was a virus some of the big AV’s would have picked it up.
Because the date was 04.28.2009, that file has already been sent before,you could try again,and choose re-analyse
You have nothing to worry about