Not-A-Virus.Exploit.IframeJS

Discussion in 'ewido anti-spyware forum' started by rothko, Sep 20, 2006.

Thread Status:
Not open for further replies.
  1. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Hi,

    Ewido has found a threat 'Not-A-Virus.Exploit.IframeJS' in c:\tmp\Temporaty Internet Files\Content.IE5\6HILC7GL\popUp[1].js
    I browsed to that folder and couldn't find any 6HILC7GL or popUp[1].js, and scans on this folder with NOD32, Kaspersky and SuperAntiSpyware all found nothing.

    I just want to ask whether this is likely to be a real threat and how do I find the file that's being flagged by Ewido? If I can find it then I can submit it to Ewido and online scanners to verify the threat (or not).

    thanks
     
  2. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    It is a temp file, maybe you already deleted it.
     
  3. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    It still finds it on a scan of that folder though...
     
  4. MikeW2

    MikeW2 Registered Member

    Joined:
    Jun 25, 2006
    Posts:
    14
    Location:
    Bedfordshire - UK
    It is probably a hidden file; try setting Explorer to show hidden and system files and then have another look.
     
  5. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Always have show hidden files on and no system files there. Here's a screenshot of the scan results from VirusTotal of the zipped up folder. Will submit it to Ewido later.

    cheers
     

  6. McGuireN

    McGuireN Registered Member

    Joined:
    Mar 13, 2004
    Posts:
    2
    I am having the same issue. The "Not-A-Virus.Exploit.IframeJS" appeared in my daily Ewido scan for the first time yesterday. I marked it for removal, rebooted into Safe Mode, ran Ewido again and the scan was clean. I rebooted, stopped and restarted System Restore, ran a few other security programs, and everything came up clean.

    Today, Ewido is alerting to the same Not-A-Virus infections again.

    Any help would be most appreciated. Thanks.
     
  7. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Hi, yes, it seems to be since a recent update - last day or so I think. I've sent the zipped folder to the samples address so I'm sure it will be sorted out soon.
     
  8. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    We will fix it with the next signature update.
     
  9. McGuireN

    McGuireN Registered Member

    Joined:
    Mar 13, 2004
    Posts:
    2
    I just ran a scan with the latest update and it came out clean.

    Rothko, thank you so much for advancing the issue; and, Karl, thank you for the quick resolution.
     