HTML/IframeRef.gen

Zkal

Hey guys, today I had two instances of having HTML/IframeRef.gen on my computers. They were located in AppData\Local\Microsoft\Internet Explorer\Recovery\Active. Detected and quarantined by MSE.

Question is, should I be worried that there might be something going on in my computer since there were two instances of those? Running Windows 7, UAC on, protected mode on and all patches on my computer. MSE scan didn't reveal anything. Haven't browsed unfamiliar sites with IE either.
 

Chiefcrowe

Just to be safe I'd do a virus scan from a boot CD and also scan for spyware with something like Malwarebytes in safe mode.
 

Zkal

Did those and nothing was found, so all is fine then I'd guess. Only thing that bugs me is how I got two instances of that yesterday within a few hours when I definitely hadn't gone to any unknown site.
 

tzdk

May be just false positives, or some of your safe sites are compromised and now have iframes leading to whatever or trying to execute whatever. Not easy when AV detects them. I doubt you would have been in trouble even if it did not. Biggest risk is probably you running an old PDF or Flash plugin. Someone with your Windows is not necessarily the main target or the most vulnerable. I know those who cancel notifications of plugin updates because they don't care - such people are yummy for an attacker.

Btw, you should only run Malwarebytes in safe mode if it does not work in normal. Some drivers are not loaded in safe mode so scan is actually less efficient.

ESET, Trend have nifty online scanners with option of restoring deleted files and what not. Try those to kill remaining doubt.

If you want to block domains leading to evil exe-files just because you can, there are several ways. From hosts files, browser filters (only WOT works properly), DNS service (I only know Dyndns for blocking malware, other free ones are useless) to paying up for that Malwarebytes or other tool with the same feature. You seem to be up for this blocking :) I use it big time and can only say you will be surprised. Much is highly visible and does not hide in iframes, still evil crap. You will look at Google Ads with different eyes after a period of blocking mania. Unless a fool you will not need this, but blocking gives me at least a sort of satisfaction.
 
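A triage helper for the case raised in the post above, where a normally trusted site starts serving iframes that lead elsewhere. This is an added example, not part of any post in this thread and not how MSE's HTML/IframeRef.gen signature works: it lists iframes in a saved page that load from another host and are also sized or styled to be invisible. The host names and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    """True for a width/height of 0 or 1 (e.g. "0", "1", "1px"); "100%" is not tiny."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class IframeAudit(HTMLParser):
    """Collects iframes that are both third-party and effectively invisible."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        # Relative URLs have no host and are treated as first-party.
        third_party = bool(host) and host != self.page_host \
            and not host.endswith("." + self.page_host)
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        # A visible third-party embed (video player, ad slot) is normal;
        # only the combination of off-site and invisible is reported.
        if third_party and reasons:
            self.findings.append((src, ["third-party src"] + reasons))

def audit(html, page_host):
    parser = IframeAudit(page_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page, as if saved from news.example.com
SAMPLE = """
<iframe src="/comments/embed.html" width="600" height="400"></iframe>
<iframe src="http://video.example.org/player" width="640" height="360"></iframe>
<iframe src="http://widgets.example.net/x.html" width="1" height="1"
        style="visibility:hidden"></iframe>
"""

if __name__ == "__main__":
    for src, why in audit(SAMPLE, "news.example.com"):
        print(src, "->", ", ".join(why))
```

A hit is a reason to look closer at the page, not proof of compromise; legitimate tracking and analytics frames are also often invisible.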

Zkal

Well I found out that Shacknews is causing it for me for some reason. The moment I go there an alert comes up about HTML/Iframe.gen. I'll need to look around to see if others are having the same issues with the site.

Now that I know what's causing it I am free of worry :) Plus I wasn't really super worried since I tend to make sure everything is updated and I always run as Limited User and I don't just type my admin pwd and press accept to UAC prompts :p

I'll check out those blocking things you said and see if I have time and energy to lock down my computer even a bit more :)

Anyhow thanks for the assistance and tips to you guys.