#1
Exploit:HTML/IframeRef.gen -- how do I get rid of this?
Live OneCare stops this from executing but can't seem to quarantine it or remove it, in any way. It also turns off Windows Defender. Spyware Doctor doesn't even find it. It's crazy that two Microsoft products don't protect against this! I don't understand. If anyone has a way to explain a removal process in an easy-to-comprehend way, I would really appreciate it. I am not someone who is used to digging around in my computer's innards, but this thing is really interfering with how my machine runs. Thanks!

** cheryl **
#2
Exploit:HTML/IframeRef.gen -- how do I get rid of this?
"Frazzled Cheryl" wrote:

Live OneCare stops this from executing but can't seem to quarantine it or remove it, in any way. It also turns off Windows Defender. Spyware Doctor doesn't even find it. It's crazy that two Microsoft products don't protect against this! I don't understand. If anyone has a way to explain a removal process in an easy-to-comprehend way, I would really appreciate it. I am not someone who is used to digging around in my computer's innards, but this thing is really interfering with how my machine runs. Thanks!

** cheryl **

Hi Cheryl,

Try these steps here:

1. Click Start, Control Panel, and in Control Panel click Network and Internet Connections, then open Internet Options.
2. Click the General tab, and then under Temporary Internet files, click Delete Files.
3. In the Delete Files dialog box, click to select the Delete all off-line content check box if you want to delete all Web page content that you have made available offline.
4. Click OK.

Scan from here, and you can get the free Avast AV, for home users only:
http://www.avast.com/eng/wmf_exploit.html
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Then I think there is not anything (maybe) on your computer, but it could be a security hole left open because you didn't get the latest updates for your IE, or malicious software installed or code opened a security hole in your browser, so get the latest security updates for your computer.

August 2002, Cumulative Update for Internet Explorer (Q323759)
http://www.microsoft.com/windows/ie/...e/default.mspx

Microsoft Security Bulletin MS04-013
http://www.microsoft.com/technet/sec.../ms04-013.mspx

Here is the link for the ZA download, all versions; get yourself a firewall:
http://download.zonelabs.com/bin/fre...seHistory.html
#4
Exploit:HTML/IframeRef.gen -- how do I get rid of this?
Thanks for all the help, everyone, I really appreciate it. I got an email today from PC Tools -- they said this was a new variant on a known malware threat, and they are currently working on a resolution. I hope my Microsoft products will be similarly updated to help protect from sites w/future exploits. I'm sorry I posted this in the wrong place... it was very hard for me to discern from that long list of choices just where I should post. I think I need Microsoft Communities for Dummies! ;-)

** cheryl **

"David H. Lipman" wrote:

From: "Frazzled Cheryl"

| Live OneCare stops this from executing but can't seem to quarantine it or
| remove it, in any way. It also turns off Windows Defender. Spyware Doctor
| doesn't even find it. It's crazy that two Microsoft products don't protect
| against this! I don't understand. If anyone has a way to explain a removal
| process in an easy-to-comprehend way, I would really appreciate it. I am not
| someone who is used to digging around in my computer's innards, but this
| thing is really interfering with how my machine runs. Thanks!
|
| ** cheryl **

This is Exploit code in an HTML file. There is NOTHING to quarantine. Basically as you browsed a malicious web page Live OneCare stopped the file in its tracks and it wasn't even written to the TIF.

Windows Defender and Spyware Doctor wouldn't have found this even if OneCare failed to do its job as these are non-viral anti malware software applications and Exploit code is found/detected by anti virus packages such as OneCare.

Actually you are quite lucky. Overall OneCare falls way below its peers as anti virus software and its catch rate is very poor. Luckily OneCare stopped this IFrame Exploit. However, we don't know what OneCare missed!

In the future, please use the news group; microsoft.public.security.virus for this kind of subject matter.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...

Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT { or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS }
This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor's web site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.
http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#5
Exploit:HTML/IframeRef.gen -- how do I get rid of this?
Well, today I can't seem to get the Question function to work... have allowed PopUps on the browser, and I press the Ctrl key to override any other pop up zapper, and all it does is blink at me... I can't open the Question box, yet I did it before, just fine. I tried to post in the group you directed me to, but for whatever reason, I can't, I can only Reply.

I guess I just don't understand how this Exploit works. I inadvertently left my browser open last nite to a site I certainly trust, and this morning woke up to the same msg from OneCare saying it had blocked this, yet the browser (tho open) wasn't doing anything/moving around, anywhere. It still acts (to me) like something is resident on my computer. The system is still sluggish, and things don't work like they're supposed to, ie, this not being able to bring up the new Question window, yet I did it before. I suppose this sounds nuts, but I feel like I don't have total control over my own computer, as I notice little changes, here and there. Went to my homepage yesterday, and found it didn't go there, anymore.

I'm completely baffled, scared, and frustrated.

** cheryl **

"David H. Lipman" wrote:

From: "Frazzled Cheryl"

| Live OneCare stops this from executing but can't seem to quarantine it or
| remove it, in any way. It also turns off Windows Defender. Spyware Doctor
| doesn't even find it. It's crazy that two Microsoft products don't protect
| against this! I don't understand. If anyone has a way to explain a removal
| process in an easy-to-comprehend way, I would really appreciate it. I am not
| someone who is used to digging around in my computer's innards, but this
| thing is really interfering with how my machine runs. Thanks!
|
| ** cheryl **

This is Exploit code in an HTML file. There is NOTHING to quarantine. Basically as you browsed a malicious web page Live OneCare stopped the file in its tracks and it wasn't even written to the TIF.

Windows Defender and Spyware Doctor wouldn't have found this even if OneCare failed to do its job as these are non-viral anti malware software applications and Exploit code is found/detected by anti virus packages such as OneCare.

Actually you are quite lucky. Overall OneCare falls way below its peers as anti virus software and its catch rate is very poor. Luckily OneCare stopped this IFrame Exploit. However, we don't know what OneCare missed!

In the future, please use the news group; microsoft.public.security.virus for this kind of subject matter.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...

Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT { or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS }
This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor's web site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.
http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#6
Exploit:HTML/IframeRef.gen -- how do I get rid of this?
From: "Frazzled Cheryl"

| Well, today I can't seem to get the Question function to work... have allowed
| PopUps on the browser, and I press the Ctrl key to override any other pop up
| zapper, and all it does is blink at me... I can't open the Question box, yet
| I did it before, just fine. I tried to post in the group you directed me to,
| but for whatever reason, I can't, I can only Reply.
|
| I guess I just don't understand how this Exploit works. I inadvertently left
| my browser open last nite to a site I certainly trust, and this morning woke
| up to the same msg from OneCare saying it had blocked this, yet the browser
| (tho open) wasn't doing anything/moving around, anywhere. It still acts (to
| me) like something is resident on my computer. The system is still sluggish,
| and things don't work like they're supposed to, ie, this not being able to
| bring up the new Question window, yet I did it before. I suppose this sounds
| nuts, but I feel like I don't have total control over my own computer, as I
| notice little changes, here and there. Went to my homepage yesterday, and
| found it didn't go there, anymore.
|
| I'm completely baffled, scared, and frustrated.
|
| ** cheryl **

Did you run any of the scans suggested from the Multi AV Scanning Tool?

The most important thing to realize is that Exploits take advantage of vulnerabilities. If vulnerabilities are properly patched, Exploit Codes become impotent and unable to take advantage.

Since this is an IFrame Internet Explorer Exploitation, you need to make sure that Internet Explorer in Windows XP is completely and fully patched by installing *all* critical updates provided by the Windows Update web site.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#7
Exploit:HTML/IframeRef.gen -- how do I get rid of this?
Frazzled Cheryl wrote:

Live OneCare stops this from executing but can't seem to quarantine it or remove it, in any way. It also turns off Windows Defender. Spyware Doctor doesn't even find it. It's crazy that two Microsoft products don't protect against this! I don't understand. If anyone has a way to explain a removal process in an easy-to-comprehend way, I would really appreciate it. I am not someone who is used to digging around in my computer's innards, but this thing is really interfering with how my machine runs. Thanks!

** cheryl **

When you browse any suspicious sites turn off Javascript. This exploit is run in Javascript. Some Web sites will try to lure you in and tell you that their features operate only with Javascript enabled. Don't do it. Such as downloading files from Depositfiles.com. In order to download them for free you have to watch a clock count down and that only happens as a Javascript applet. While it is counting down the clock it is installing the Trojan Horse program Exploit:HTML/IframeRef.gen.

When you later do a scan read the logs and it should tell you exactly where the Iframe reference is. I found it in an obsolete mail Inbox. Copy the old folder to a CD and then delete the whole folder. Live OneCare does not want to quarantine folders or files that it thinks you want to use daily such as your mailbox, otherwise you would not be able to read your mail.
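Added example, not part of the original post and not any antivirus product's own logic: a Python scan that locates iframe references of the kind discussed in this thread inside saved files such as an old mail folder or cached HTML, reporting the file and line. The "remote source plus invisible frame" heuristic, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import Path

# Heuristics below are assumptions for illustration, not any AV vendor's logic.
REMOTE_SRC = re.compile(r"(https?:)?//", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

# Constructed sample: a saved mail message with an HTML body.
SAMPLE = """From: sender@example.test
Subject: constructed sample message

<p>Hello</p>
<iframe src="http://bad.example.test/x" width="0" height="0"></iframe>
<iframe src="/local/help.html" width="400" height="300"></iframe>
<IFRAME SRC="//cdn.example.test/f" STYLE="visibility: hidden"></IFRAME>
"""

class IframeFinder(HTMLParser):
    """Records <iframe> tags that load a remote URL while being invisible."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "").strip() for name, value in attrs}
        src = a.get("src", "")
        if not REMOTE_SRC.match(src):
            return  # local or empty frame, not a remote reference
        reasons = []
        if a.get("width", "").lower() in TINY or a.get("height", "").lower() in TINY:
            reasons.append("tiny-size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if reasons:
            self.hits.append((self.getpos()[0], src, reasons))

def find_hidden_iframes(text):
    """Return [(line, src, reasons)] for suspicious iframes found in text."""
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.hits

def scan_tree(root):
    """Yield (path, line, src, reasons) for each file under root."""
    for path in Path(root).rglob("*"):
        if path.is_file():
            text = path.read_text(encoding="latin-1")
            for hit in find_hidden_iframes(text):
                yield (str(path), *hit)
```

Mail stores that keep message bodies quoted-printable or base64 encoded need decoding first, since an attribute written as `src=3D"..."` will not match the remote-source check.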
#8
Exploit:HTML/IframeRef.gen -- how do I get rid of this?
Frazzled Cheryl wrote:

Live OneCare stops this from executing but can't seem to quarantine it or remove it, in any way. It also turns off Windows Defender. Spyware Doctor doesn't even find it. It's crazy that two Microsoft products don't protect against this! I don't understand. If anyone has a way to explain a removal process in an easy-to-comprehend way, I would really appreciate it. I am not someone who is used to digging around in my computer's innards, but this thing is really interfering with how my machine runs. Thanks!

** cheryl **

Another favorite trick of the hackers is to put up a pop up which warns you that your computer is running very slowly and may be infected. So it asks you if you'd like to run a program to clean it or check for viruses. No matter what you click it then installs its own Trojan Horse. Your only protection is when you see a message like that, use Task Manager to shut down your browser.
#9
Exploit:HTML/IframeRef.gen -- how do I get rid of this?
I was an idiot and now have the Trojan Horse. I ran Live OneCare virus scan but I can't find the log to read where the Trojan Horse is so I can delete it. Where can I find the log?

"Anthony Marsh" wrote:

Frazzled Cheryl wrote:

Live OneCare stops this from executing but can't seem to quarantine it or remove it, in any way. It also turns off Windows Defender. Spyware Doctor doesn't even find it. It's crazy that two Microsoft products don't protect against this! I don't understand. If anyone has a way to explain a removal process in an easy-to-comprehend way, I would really appreciate it. I am not someone who is used to digging around in my computer's innards, but this thing is really interfering with how my machine runs. Thanks!

** cheryl **

When you browse any suspicious sites turn off Javascript. This exploit is run in Javascript. Some Web sites will try to lure you in and tell you that their features operate only with Javascript enabled. Don't do it. Such as downloading files from Depositfiles.com. In order to download them for free you have to watch a clock count down and that only happens as a Javascript applet. While it is counting down the clock it is installing the Trojan Horse program Exploit:HTML/IframeRef.gen.

When you later do a scan read the logs and it should tell you exactly where the Iframe reference is. I found it in an obsolete mail Inbox. Copy the old folder to a CD and then delete the whole folder. Live OneCare does not want to quarantine folders or files that it thinks you want to use daily such as your mailbox, otherwise you would not be able to read your mail.
#10
Exploit:HTML/IframeRef.gen -- how do I get rid of this?
Hi, I am also receiving this and am in a loop of "administrator"/remove, then it says re-scan. This scan then finds the same Trojan. Can anybody tell me how to remove it please?

"Anthony Marsh" wrote:

Frazzled Cheryl wrote:

Live OneCare stops this from executing but can't seem to quarantine it or remove it, in any way. It also turns off Windows Defender. Spyware Doctor doesn't even find it. It's crazy that two Microsoft products don't protect against this! I don't understand. If anyone has a way to explain a removal process in an easy-to-comprehend way, I would really appreciate it. I am not someone who is used to digging around in my computer's innards, but this thing is really interfering with how my machine runs. Thanks!

** cheryl **

Another favorite trick of the hackers is to put up a pop up which warns you that your computer is running very slowly and may be infected. So it asks you if you'd like to run a program to clean it or check for viruses. No matter what you click it then installs its own Trojan Horse. Your only protection is when you see a message like that, use Task Manager to shut down your browser.