What do you think I should do?

While I was at school, my Mum looked up an article on some incident in Australia and when she clicked on it, a warning from WOT indicated that the site was compromised, and she told me she then clicked out of it. When I came home, I looked in the Nod32 quarantine and it said it blocked two redirector trojans that obviously wanted it to redirect to a malware site, which it blocked. I did a scan of the computer and it found 1 thing, which was a HTML/Iframe.b.gen virus in the Mozilla Firefox Cache files.

I did another scan with Malwarebytes and HitmanPro= nothing.

Just wondering what the Iframe virus does, and has it taken any important data, as I will become a bit stressed if it has taken anything, as we are moving houses at the moment? My parents just don't know how to navigate the Internet safely, so I changed the WOT thing to block, not warn. Any ideas?

 

Open the detected file in notepad

 

I think Nod32 deleted it, when it asked for the action to be taken, I pressed delete. Are there any sites that would have general information on this Iframe virus? Nod32's website says it's a HTML frame virus that redirects the user to a malicious site, where Nod terminated the Redirector trojans that attempted to do this.

 

It sounds like your fine to me. NOD did what it was supposed to do and MBAM and Hitman found zilch.

 

But NOD only discovered this Iframe virus a week after the incident actually occurred, so that means it has been sitting there for a week.

Should I be concerned that it has done anything? Wouldn't Nod detect something if this virus attempted to perform any malicious activity or execute?

Thanks

 

then nod has killed the file, before you have any chances of loading that file in your browser and get redirected to a malicious website, instead

 

Yeah, that's really awesome, but what about the Iframe.b.gen virus? That wasn't blocked, that was just found sitting there a week after the actual trojan blocking procedure occurred.

I am just concerned it has done something malicious in the background that I am unaware of, and there is not enough info on the Internet about what it actually does.

Do you know anything about this strange virus?

Thank you

 

Bump.... anyone know anything about this Iframe virus? It could have been doing anything sitting there? Thanks

 

I don't know anything about that virus but have you consulted Eset's online virus database or encylopedia? As far as whether or not the virus was doing anything I suspect Eset would have snuffed it out if it attempted to execute.

 

Eset says it is:

HTML/Iframe.B.Gen is generic detection of malicious IFRAME tags embedded in HTML pages, which redirect the browser to a specific URL location with malicious software

That's all it says though, doesn't give a detailed description. Could the Iframe virus have become deactivated/non-executable due to the termination of the trojans, which supports the actual process of directing the host to the malicious website and then Nod32 detected the file?

Thank you for your time

 

It's possible I suppose , however I don't know enough to say, so I'll leave the answer to someone with expertise in the field.

 

under what web site the detection of the i frame occured? You can view it under log files - detected threats
Maybe we can explain that detection

 

Please refer to these options: My computer has a virus – what should I do?, If you are currently infected.

Stand by for ESET Staff and or Moderator for further instructions.

Thank you.

 

The Iframe virus is not listed under detected threats, but the redirector trojans are. It says:

-http://akooramak//au.... not writing all of the link as it may contain the HTML iframe virus. Threat: JS/Redirector.NID trojan- connection terminated

When you type that website into google, it says this site may be compromised, so my Mum didn't see that and went straight ahead. The Iframe virus is listed in the quarantine though.

 

You can view embedded webpages inside a webpage with iframes

basically, that detection mean you are prevented from loading content in other sites

if you open that HTML file in notepad you can view the external URLs in the iframe tag

 

If nod32 deleted it, am I good now? Or is there a risk of something else? Does that type of infection pose any danger to the computer now?

Thanks

 

Don't worry, I believe I am clean. I just read this on F-Secure which highlights that I am only affected if I actually visit the malicious website (which Nod blocked) and it will then execute, and Nod then deleted it.

Additional Details
This malware will only affect a user who is browsing a malicious website, or a legitimate website which has been compromised. Unlike more straightforward trojan-downloaders, this malware does not directly download the malicious files itself, but rather redirects the user to malicious websites which perform the actual download automatically.

Upon execution, this malware uses Iframe tags to redirect the user to the malicious websites:

-http://user1.jzm018.cn/[...]/fxx.htm - Trojan-Downloader.JS.Agent.ckl
-http://jzm015.cn/[...]x.htm - redirects to ilink.html, flink.html
-http://jzm015.cn/][...]c.htm - Trojan-Downloader.JS.Agent.ckk

These sites will then subject the visitor to a drive-by download.

Argh I don't know how to edit the link =.=