Not-A-Virus.Exploit.IframeJS

Hi,

Ewido has found a threat 'Not-A-Virus.Exploit.IframeJS' in c:\tmp\Temporaty Internet Files\Content.IE5\6HILC7GL\popUp[1].js
i browsed to that folder and couldn't find any 6HILC7GL or popUp[1].js and scans on this folder with NOD32, Kaspersky and SuperAntiSpyware all found nothing.

I just want to ask whether this is likely to be a real threat and how do I find the file that's being flagged by Ewido? If I can find it then I can submit it to Ewido and online scanners to verify the threat (or not).

thanks

 

It is a temp file, maybe you already deleted it.

 

it still finds it on a scan of that folder though...

 

It is probably a hidden file, try setting explorer to show hidden and system files and then have another look

 

always have show hidden files on and no system files there. here's a screenshot of the scan results from VirusTotal of the zipped up folder. Will submit it to Ewido later.

cheers

 

I am having the same issue. The "Not-A-Virus.Exploit.IframeJS" appeared in my daily Ewido scan for the first time yesterday. I marked it for removal, rebooted into Safe Mode, ran Ewido again and the scan was clean. I rebooted, stopped and restarted System Restore, ran a few other security programs, and everything came up clean.

Today, Ewido is alerting to the same Not-A-Virus infections again.

Any help would be most appreciate. Thanks.

 

hi, yes it seems to be since a recent update - last day or so i think. I've sent the zipped folder to the samples address so i'm sure it will be sorted out soon.

 

We will fix it with the next signature update.

 

I just ran a scan with the latest update and it came out clean.

Rothko, thank you so much for advancing the issue; and, Karl, thank you for the quick resolution.