HTML:Illiframe-D

Discussion in 'ESET NOD32 Antivirus' started by cowwoc, Nov 3, 2009.

Thread Status:
Not open for further replies.
  1. cowwoc

    cowwoc Registered Member

    Joined:
    Jun 1, 2008
    Posts:
    20
    Hi,

    Avast is detecting the "HTML:Illiframe-D" virus for the attached file. Nod32 doesn't detect anything. I believe that Avast is right because of the embedded links to a Russian website. Please let me know what you think.

    Thanks,
    Gili
     

    Attached Files:

  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I believe the reason is, that file is a Text file, meaning it can't do anything but be read. No code or script can be executed so it is not actually a threat.

    I could be mistaken, but if the file were converted into a .html or .php file so that it actually ran when opened, then NOD would keep it from doing anything malicious.

    Also, if the only thing it does is redirect, then the file itself is not a threat, but the site it redirects to might be. If so, then NOD will kill the connection if anything tries to come through on the site.
     
  3. ASpace

    ASpace Guest

    Avast and Sophos and the only 2 antivirus programs that detect this text file as malicious
     
  4. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    yes, it is a hacked website.
     
  5. cowwoc

    cowwoc Registered Member

    Joined:
    Jun 1, 2008
    Posts:
    20
    You are wrong. This file came from a hacked website (I simply renamed it to .txt) and when you hit it using IE it redirects you to a Russian website that tries infecting you.

    NOD32 blocks you from visiting the Russian website, but it does nothing to let you know that the original website was infected with a virus (and which one). This makes it more difficult to clean one's own website. NOD32 should detect this even under FireFox!

    Gili
     
Thread Status:
Not open for further replies.