Question malware or false positive (Firefox Detected: HEUR:Trojan.Script.Iframer )  
  #1 (permalink)  
Old 09-03-2009, 04:05 PM
dragon wench's Avatar
Moderator and Twisted Sister
 
Join Date: Apr 2001
Location: The maelstrom where chaos merges with lucidity
Posts: 19,215
Blog Entries: 15
For the last little while I've been trying to troubleshoot an annoying issue that only occurs when I sign into Google Bookmarks via Firefox. Kaspersky will tell me that it is denying:

"9/3/2009 1:54:14 PM http://forums.elricm.com/favicon.ico Firefox Detected: HEUR:Trojan.Script.Iframer"


I have run all kinds of scans with no results, and the only record I find of it in Kaspersky is in web traffic.

I have done some Googling and thought it might be a Temp file issue, so I have deleted my Temp folder, run CC Cleaner, disc cleaner etc. but it is still happening..

I'd love to know what is going on.. most frustrating.

Note: I do actually visit elricm.com, it's an elderscrolls mod site, and I've never had any reason to believe it is a dangerous site.
__________________
Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup.

All those moments ... will be lost ... in time ... like tears in rain.
  #2 (permalink)  
Old 09-03-2009, 04:21 PM
fable's Avatar
Super Moderator
 
Join Date: Mar 2001
Location: The sun, the moon, and the stars.
Posts: 30,310
Elric's has had some virus infestations in the past, for a fact: it happened as recently as about 3 months ago. That noted, there have also been a number of false positives about the site. My advice? Post to the ES forums under Morrowind Mods about this. The Elric admins frequent it, and will probably reply.
__________________
To the Righteous belong the fruits of violent victory. The rest of us will have to settle for warm friends, warm lovers, and a wink from a quietly supportive universe.
  #3 (permalink)  
Old 09-03-2009, 04:34 PM
dragon wench's Avatar
Moderator and Twisted Sister
 
Join Date: Apr 2001
Location: The maelstrom where chaos merges with lucidity
Posts: 19,215
Blog Entries: 15
Gah..
I have been trying to do precisely that, but every time I try to register at Elric, I repeatedly get turned back to the same page no matter how many times I enter the required information... *sigh*

I also notice that Kaspersky goes really nuts when I try to navigate the site...


I'm wondering, if I remove the site from my Google Bookmarks list, if it would help stop the notification popups?
  #4 (permalink)  
Old 09-03-2009, 11:11 PM
Xandax's Avatar
Super Moderator
 
Join Date: Nov 2000
Location: Denmark
Posts: 13,862
Blog Entries: 17
Avast's scanning is also reporting trojan on that site when I enter the favicon link you provided.....
from "html:iframe-Ez"

Seeing as I've never entered that site before, I'd doubt it has anything to do with "temp folders" or similar stuff.

I would right now think the threat legit or at least that there's something suspicious going on at that site. So I would take it seriously. It is indeed possible that the site attempts to open up an iframe to some not-so-friendly location.

My "professional" opinion is that I'd stay away from that site for now until you know for sure it is a safe site.

Last edited by Xandax; 09-03-2009 at 11:17 PM.
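
As an added example (not part of any post in this thread, and not the logic Kaspersky or Avast use), here is one way to triage a saved response body for a URL like the favicon link in the alert: check whether it is really an icon, and if it is HTML, list iframes that are both invisible and loaded from another host. The hostnames, sample bodies and the "hidden plus off-site" heuristic are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Style/size patterns that make a frame invisible to the visitor (assumed heuristic).
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

class IframeAudit(HTMLParser):
    """Collect <iframe> tags that are hidden and load from another host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))  # resolve relative src
        host = urlparse(src).hostname
        hidden = (a.get("width", "").strip().lower() in TINY
                  or a.get("height", "").strip().lower() in TINY
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        if hidden and host and host != self.page_host:
            self.findings.append(src)

def looks_like_icon(body: bytes) -> bool:
    """True if the body starts with an ICO or PNG file signature."""
    return body.startswith(b"\x00\x00\x01\x00") or body.startswith(b"\x89PNG\r\n\x1a\n")

def audit_response(url: str, body: bytes) -> dict:
    """Triage one saved HTTP response body for the URL named in an AV alert."""
    is_icon = looks_like_icon(body)
    parser = IframeAudit(url)
    if not is_icon:  # an "icon" URL that returns markup is worth reading as HTML
        parser.feed(body.decode("utf-8", errors="replace"))
    return {"served_as_icon": is_icon, "hidden_offsite_iframes": parser.findings}

# Constructed sample bodies (not captured from the site discussed in the thread).
SAMPLE_HTML = (b"<html><body><h1>Not Found</h1>"
               b'<iframe src="http://frames.example.net/in.php" width="1" height="1" '
               b'style="visibility:hidden"></iframe>'
               b'<iframe src="/banner.html" width="468" height="60"></iframe>'
               b"</body></html>")
SAMPLE_ICO = b"\x00\x00\x01\x00\x01\x00" + b"\x10\x10" + b"\x00" * 16

if __name__ == "__main__":
    print(audit_response("http://site.example/favicon.ico", SAMPLE_HTML))
    print(audit_response("http://site.example/favicon.ico", SAMPLE_ICO))
```

Run it against a body saved from a disposable environment rather than by browsing the site; an empty findings list does not prove the page is clean, since script-generated frames are not visible to a static parse.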
  #5 (permalink)  
Old 09-03-2009, 11:31 PM
dragon wench's Avatar
Moderator and Twisted Sister
 
Join Date: Apr 2001
Location: The maelstrom where chaos merges with lucidity
Posts: 19,215
Blog Entries: 15
OK, thanks Xandax,
I appreciate you checking and helping to eliminate possibilities.
I'll definitely stay away from the site, and do some in-depth system scans myself. For starters, I downloaded the trial of Trojan Hunter earlier, and I'll run that overnight. Tomorrow I'll do more work with my usual scanners.

UPDATE
Hmm... I removed all of my Elric bookmarks from Google Bookmarks and I no longer seem to be getting Kaspersky warnings when I sign into my account.
I had no idea my AV would actually warn me about links in Google bookmarks... I'm impressed!
Last edited by dragon wench; 09-04-2009 at 12:20 PM.