Hi,

Ewido has found a threat 'Not-A-Virus.Exploit.IframeJS' in c:\tmp\Temporaty Internet Files\Content.IE5\6HILC7GL\popUp[1].js
i browsed to that folder and couldn't find any 6HILC7GL or popUp[1].js and scans on this folder with NOD32, Kaspersky and SuperAntiSpyware all found nothing.

I just want to ask whether this is likely to be a real threat and how do I find the file that's being flagged by Ewido? If I can find it then I can submit it to Ewido and online scanners to verify the threat (or not).

thanks

It is a temp file, maybe you already deleted it.

-{ Quote: "It is a temp file, maybe you already deleted it." }-
it still finds it on a scan of that folder though...

It is probably a hidden file, try setting explorer to show hidden and system files and then have another look

-{ Quote: "It is probably a hidden file, try setting explorer to show hidden and system files and then have another look" }-
always have show hidden files on and no system files there. here's a screenshot of the scan results from VirusTotal of the zipped up folder. Will submit it to Ewido later.

cheers

I am having the same issue. The "Not-A-Virus.Exploit.IframeJS" appeared in my daily Ewido scan for the first time yesterday. I marked it for removal, rebooted into Safe Mode, ran Ewido again and the scan was clean. I rebooted, stopped and restarted System Restore, ran a few other security programs, and everything came up clean.

Today, Ewido is alerting to the same Not-A-Virus infections again.

Any help would be most appreciate. Thanks.

-{ Quote: "I am having the same issue. The "Not-A-Virus.Exploit.IframeJS" appeared in my daily Ewido scan for the first time yesterday. I marked it for removal, rebooted into Safe Mode, ran Ewido again and the scan was clean. I rebooted, stopped and restarted System Restore, ran a few other security programs, and everything came up clean.

Today, Ewido is alerting to the same Not-A-Virus infections again.

Any help would be most appreciate. Thanks." }-
hi, yes it seems to be since a recent update - last day or so i think. I've sent the zipped folder to the samples address so i'm sure it will be sorted out soon.

We will fix it with the next signature update.

I just ran a scan with the latest update and it came out clean.

Rothko, thank you so much for advancing the issue; and, Karl, thank you for the quick resolution.