Need help figuring out where this Trojan Script keeps coming from.

[tankman1989]

Greetings,

I have been getting a message from Kaspersky every time I open Firefox that it is trying to load a Trojan.Script.Iframer within Firefox. I took a screen shot of the detailed report and was wondering if anyone could tell me why it keeps popping up when my system says that it is clean.

 

[Methical]

Greetings,

I have been getting a message from Kaspersky every time I open Firefox that it is trying to load a Trojan.Script.Iframer within Firefox. I took a screen shot of the detailed report and was wondering if anyone could tell me why it keeps popping up when my system says that it is clean.

The picture is not embedded in the message; but when I 'quote' the message I can see the url in the IMG tags. Copied and pasted the URL; and just loaded a page with the URL in where the picture should be ..

 

[kisk]

That site probably loads a script file that uses an iframe to display known malicious content. You should be fine. The site loads ok? If so don't worry about it. Those sites are just trying to get paid any way possible.

 

[Bryce W]

The code is most likely on an advertising network all those sites are using. IFramer isnt necessarily malicious but can be used for evil so Kaspersky blocks it. I get this occasionally too with my Kaspersky.

 

[iisjman07]

Kaspersky is using a generic detection name (nothing specific) which leads me to believe it's false positive

 

[Blues]

It is using Hueristics which is along the lines of pre-emptive strike and these hueristic rules are usually outlined along easily exploitable code that is in general prevented. It is and isn't a false positive in that its not flagging it becuase its a virus its flagging and blocking it becuase it easily can be a virus or be used to inject a virus. It is mostly due to the possibility of injecting code and virus behind its security that it blocks these. You generally are not missing out on anything except ads when this block kicks in so I wouldn't worry about it.

 

[PcTek9]

that is terrible coding. lol.

http://www.secureworks.com/research/threats/iframeads/

^ article about the iframe tag being exploited through banner ads to install trojans.

 

[Blues]

I should clear up a little more that the Hueristics might actually look for the intial piece that is exploited or code using the exploit and blocks it even if the exploit isn't being used malicously. I wouldn't know with out alot of testing that to me is a waste of time until it provides a real problem.