
malware or false positive (Firefox Detected: HEUR:Trojan.Script.Iframer )


Post by dragon wench »

For the last little while I've been trying to troubleshoot an annoying issue that only occurs when I sign into Google Bookmarks via Firefox. Kaspersky will tell me that it is denying:

"9/3/2009 1:54:14 PM http://forums.elricm.com/favicon.ico Firefox Detected: HEUR:Trojan.Script.Iframer"


I have run all kinds of scans with no results, and the only record I find of it in Kaspersky is in web traffic.

I have done some Googling and thought it might be a Temp file issue, so I have deleted my Temp folder, run CCleaner, disk cleaner, etc., but it is still happening..

I'd love to know what is going on.. most frustrating.

Note: I do actually visit elricm.com, it's an Elder Scrolls mod site, and I've never had any reason to believe it is a dangerous site.
Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup.
.......All those moments ... will be lost ... in time ... like tears in rain.

Post by fable »

Elric's has had some virus infestations in the past, for a fact: it happened as recently as about 3 months ago. That noted, there have also been a number of false positives about the site. My advice? Post to the ES forums under Morrowind Mods about this. The Elric admins frequent it, and will probably reply.
To the Righteous belong the fruits of violent victory. The rest of us will have to settle for warm friends, warm lovers, and a wink from a quietly supportive universe.

Post by dragon wench »

Gah..
I have been trying to do precisely that, but every time I try to register at Elric, I repeatedly get turned back to the same page (http://www.elricm.com/nuke/html/user.php) no matter how many times I enter the required information... *sigh*

I also notice that Kaspersky goes really nuts when I try to navigate the site...


I'm wondering, if I remove the site from my Google Bookmarks list, if it would help stop the notification popups?

Post by Xandax »

Avast's scanning is also reporting a trojan on that site when I enter the favicon link you provided.....
from "html:iframe-Ez"

Seeing as I've never entered that site before, I'd doubt it has anything to do with "temp folders" or similar stuff.

I would right now think the threat legit or at least that there's something suspicious going on at that site. So I would take it seriously. It is indeed possible that the site attempts to open up an iframe to some not-so-friendly location.

My "professional" opinion is that I'd stay away from that site for now until you know for sure it is a safe site.
Insert signature here.
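
An added example, not part of the thread and not Kaspersky's or Avast's actual detection logic: a small check a site admin could run on the bytes their server returns for a favicon URL, to see whether it is a real icon or HTML carrying an invisible off-site iframe. The sample bodies and the host names `forums.example` and `injected.example` are constructed; that the flagged response contained HTML at all is an assumption.

```python
import re
from html.parser import HTMLParser

ICO_MAGIC = b"\x00\x00\x01\x00"  # first four bytes of a genuine .ico file

class IframeFinder(HTMLParser):
    """Collects <iframe> tags and notes which are styled to be invisible."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        tiny = (a.get("width", "").strip() in ("0", "1")
                or a.get("height", "").strip() in ("0", "1"))
        hidden = tiny or "display:none" in style or "visibility:hidden" in style
        self.iframes.append({"src": a.get("src", "").strip(), "hidden": hidden})

def inspect_favicon_response(body: bytes, page_host: str) -> dict:
    """Report whether `body` is an icon, and list hidden iframes to other hosts."""
    if body.startswith(ICO_MAGIC):
        return {"is_icon": True, "suspicious": []}
    finder = IframeFinder()
    finder.feed(body.decode("latin-1"))  # latin-1 never fails on raw bytes
    suspicious = []
    for frame in finder.iframes:
        # Only absolute or protocol-relative URLs can point at another host.
        m = re.match(r"(?:https?:)?//([^/:?#]+)", frame["src"], re.I)
        off_site = bool(m) and m.group(1).lower() != page_host.lower()
        if frame["hidden"] and off_site:
            suspicious.append(frame["src"])
    return {"is_icon": False, "suspicious": suspicious}

# Constructed sample responses (not captured from any real site).
CLEAN_ICO = ICO_MAGIC + b"\x01\x00" + bytes(16)
INJECTED = (b'<html><body>Not Found<iframe src="http://injected.example/x" '
            b'width="1" height="1" style="visibility: hidden"></iframe>'
            b'</body></html>')
SAME_SITE = b'<iframe src="/ads/banner.html" width="468" height="60"></iframe>'

if __name__ == "__main__":
    for name, body in [("clean", CLEAN_ICO), ("injected", INJECTED),
                       ("same-site", SAME_SITE)]:
        print(name, inspect_favicon_response(body, "forums.example"))
```

A visible same-site frame is not reported, which is why a heuristic like this can still produce both misses and false positives on real pages.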

Post by dragon wench »

OK, thanks Xandax,
I appreciate you checking and helping to eliminate possibilities.
I'll definitely stay away from the site, and do some in-depth system scans myself. For starters, I downloaded the trial of Trojan Hunter earlier, and I'll run that overnight. Tomorrow I'll do more work with my usual scanners.

UPDATE
Hmm... I removed all of my Elric bookmarks from Google Bookmarks and I no longer seem to be getting Kaspersky warnings when I sign into my account.
I had no idea my AV would actually warn me about links in Google bookmarks... I'm impressed!