[solved] Trojan.exploit.iframe.d In Outlook Pst Archive

BD AV2010 reports:

C:\Documents and Settings\rwilson\Desktop\SuspectFiles.zip=>Suspect3.msg=>(body)=>(Compressed Rtf)=>(Rtf2Html) Trojan.Exploit.Iframe.D (no action was taken)

C:\Documents and Settings\rwilson\Desktop\SuspectFiles.zip=>Suspect1.msg=>(body)=>(Compressed Rtf)=>(Rtf2Html) Trojan.Exploit.Iframe.D (no action was taken)

C:\Documents and Settings\rwilson\Desktop\SuspectFiles.zip=>Suspect2.msg=>(body)=>(Compressed Rtf)=>(Rtf2Html) Trojan.Exploit.Iframe.D (no action was taken)

Note that these are the results of a contextual scan after I found the originally identified messages in the Outlook Archive and saved them seperately on my Desktop.

I'm pretty sure this is a false alarm - the messages in question are part of the same thread and all have the same two embedded pictures (which may or may not be relevant) but the original came from an entirely trusted source.

The problem is I don't understand enough about "trojan.exploit.iframe.d" to know how to verify that it's a false alarm. From what I can interpret online this is a IE bug from a long time ago that could be exploited by tagging executables with different MIME types... so what is BitDefender telling me about these messages? Why are they being flagged?

Find more posts tagged with

Comments

alexcrist

Hello robertwinz,

In order to give you an exact response, we need to forward the detected files to BD Labs, for analysis. Please put the 3 messages in a password-protected archive (using the password infected - details in my signature), upload the archive on a file sharing server of your choice (for instance www.sendspace.com) and send me the download link by PM.

Please note that the received data will be used only for threat analysis, and it won't be made public (as a whole, or parts of it), not even anonymously.

In case this detection is wrong, it will be removed as soon as possible. Otherwise, you will receive further info after the files have been analyzed.

Cris.

alexcrist

Hello,

Detection was indeed incorrect and has been removed. Please update BitDefender and check to see if the problem persists. Thank you for your report.

Cris.

robertwinz

Thanks.

BD no longer detects the "threat" in the zip file I created containing the three suspect messages, however a system scan ran last night and BD still reported the same messages as suspect with the same threat when it found them in the original Outlook .pst file.

I double checked by running a contextual scan on the zip file (no threats found) and a contextual scan on the Outlook .pst (Trojan.exploit.iframe.d threat in same 3 messages) just now.

I suppose that I could upload the Outlook .pst file for you, but it's ~930MB in size and contains a large amount of confidential corporate information, so I would prefer not to do that if there's another way.

As a side note, when I ran the contextual scan on the .pst file BD found a few other real threats (attachments to messages in the Junk folder) that it didn't find in the system scan. Not sure why that is.

robertwinz

I was able to create a new .pst file containing only the three suspect messages that BD still identifies as suspect.

I will send a PM with the download link.

alexcrist

Hello robertwinz,

I am very sorry for the very late reply. I forwarded your files for analysis as soon as I received them, but I forgot to check back to see if the problem was solved. Now I found them on my system and, on a quick scan, no alert was triggered.

Can you confirm that this issue is solved?

Thank you.

Cris.

robertwinz

Yes, the issue is resolved. Thank you.

alexcrist

I am very glad to hear that.

If you have other questions, don't hesitate to post.

Cris.

== CLOSED ==

== Issue solved ==