Trojan.Exploit.Iframe.D

Hi,
Does anyone know how to clean Trojan.Exploit.Iframe.D?
Thanks in advance.
XPA
Comments
-
Hi xpa
I suggest that you go to Windows Update and download all available updates. This is a vulnerability in Internet Explorer. Could you please post where it was found? To get that kind of information, open BitDefender, go to General, Events, and post the location.
Best regards
Niels0 -
BitDefender detects it, but can't clean or even delete it. I submitted the information to BitDefender support for analysis.
I hope it appears from a Russian customer we have.
Well, I try to upgrade Windows, but nothing happens. I can see I have lots of files to upgrade, but when I start the upgrade, nothing happens.
Neither Norton nor McAfee detects it!0 -
Hi xpa
Try this: open IE, go to Tools, Internet Options, check the option to delete (remove) files and also check the option to remove (delete) all offline files. You can post it here; the virus researchers take a look at this forum section. Try this for your Windows Update issue: http://blogs.microsoft.nl/tonykrijnen/arch...01/18/9885.aspx
What version of BitDefender are you using? I mean BitDefender Antivirus, BitDefender Antivirus Plus or BitDefender Internet Security?
Regards
Niels0 -
I'm using BitDefender 9 Professional Plus.
The BitDefender online scanner detects it also.0 -
Hi xpa
If your licence is still active, then you can upgrade for free to version 10:
http://download.bitdefender.com/windows/de...rus_plus/final/
Did you already try what I suggested?
Best regards
Niels0 -
Hi Niels,
BitDefender Plus 10 did not detect the trojan!
I'm trying what you have suggested, so as soon as it results or not, I'll let you know.
Thanks,
xpa0 -
Hi Niels,
After renaming the SoftwareDistribution directory, I could finally update Windows.
But the mystery is still alive...
Thanks for your help, but we need to clean the trojan.
xpa0 -
Hi xpa
So you cleaned your temporary internet files. Could you please post the exact location where the exploit is found? Normally you will find it when you open BitDefender and go to General, Events. Double-click on the event where Trojan.Exploit.Iframe.D is found. After that, post the location, so I can see where the exploit is located. Also perform a Windows update.
Regards
Niels0 -
Hi Niels,
Windows is updated.
The virus files are located in a few messages in a Microsoft Outlook PST and also in a Eudora mbx file.
Obviously I can't delete the PST file.
I'll try to delete them manually (!?)
Or any idea?
xpa0 -
The report, where found infected files:
Sumário:
C:\Documents and Settings\Helena Matos\Definições locais\Application Data\Microsoft\Outlook\Outlook backup.pst=>[subject: FW: Equipment, report][From: João Paulo Machado]=>(body) Suspeitos: Trojan.Exploit.Iframe.D
C:\Documents and Settings\Helena Matos\Definições locais\Application Data\Microsoft\Outlook\Outlook backup.pst=>[subject: FW: KAAZ, VERY URGENT][From: João Paulo Machado]=>(body) Suspeitos: Trojan.Exploit.Iframe.D
C:\Documents and Settings\Helena Matos\Definições locais\Application Data\Microsoft\Outlook\Outlook backup.pst=>[subject: FW: KAAZ, VERY URGENT][From: João Paulo Machado]=>(body) Suspeitos: Trojan.Exploit.Iframe.D
C:\Documents and Settings\Helena Matos\Definições locais\Application Data\Microsoft\Outlook\Outlook.pst=>[subject: RE: KAAZ, VERY URGENT][From: João Paulo Machado]=>(body) Suspeitos: Trojan.Exploit.Iframe.D
C:\EUDORA\INBOX_RB.mbx=>(message 2892) Suspeitos: Exploit.Iframe.Vulnerability0 -
Hello xpa.
Disable the realtime protection temporarily and delete Outlook backup.pst and INBOX_RB.mbx manually.0 -
Hi xpa
After you have removed the infected mails following vladx's suggestion:
Open Outlook and delete the infected mail. Then empty your Deleted Items folder. After that go to File, Data File Management, select the current mail archive, Settings, Compact Now.
Do the same in Eudora.
I don't know if there is a similar option. Also delete the mails removed as junk.
Regards
Niels0 -
Can you please save the infected mails, archive them with the password "infected" and upload them here? It may be a false alarm (the detection says "suspected"); either way, don't open the mails/attachments (if you haven't already done so). If you can't save them without opening them and they aren't important to you, you can delete them. You may have to temporarily disable the virus shield to save/delete them.
0 -
Niels, I have just registered to this forum after reading these posts.
I have been using eudora for many years and bitdefender for 1 year. I have just updated to the latest version (2 licenses for 2 notebooks). Both of my notebooks have many viruses/trojans problems which I am still trying to resolve.
Bitdefender tech support does not reply to my emails. They only did once when I phoned them and then they found my email and my bitdefender scan report, but their instructions in their reply were relatively simplistic: go into eudora and delete the infected email message. The problem with these instructions is that bitdefender does NOT identify the email message by "date" or "subject" or "from"; bitdefender identifies the email message by "number". There is NO way to find the eudora email message by number, therefore I cannot delete it.
I phoned bitdefender support germany yesterday but nobody there seems to know how to delete the infected email message. I asked if the virus was in the "body" of the email or in an attachment. They told me the attachment. They did not know why bitdefender did not simply identify the infected file in my attachments directory.
ANYWAY, if you have any ideas on how to find infected eudora email messages pls let me know. Your instructions to the other person with an infected email message in eudora were to delete the file, but I cannot do this because I do not want to delete my entire email file/folder, only the infected message.
Here is an example from a scan report:
=================
:\Documents and Settings\KSB\My Documents\Data Eudora\Old.fol\in_Jan_2004_to_Dec_2004.mbx=](message 4037) Generic.Peed.Eml.CAD96B26 Delete Failed (file was in an archive)
C:\Documents and Settings\KSB\My Documents\Data Eudora\Old.fol\in_to_April2000.mbx=](message 4549) JS.Kak.A@mm Delete Failed (file was in an archive)
C:\Documents and Settings\KSB\My Documents\Data Eudora\Old.fol\in_to_April2000.mbx=](message 4428) JS.Kak.Gen@mm Delete Failed (file was in an archive)
C:\Documents and Settings\KSB\My Documents\Data Eudora\Old.fol\in_to_April2000.mbx=](message 4550) JS.Kak.Gen@mm Delete Failed (file was in an archive)
C:\Documents and Settings\KSB\My Documents\Data Eudora\Old.fol\in_Jan_2003_to Dec_2003.mbx=](message 4040) JS.Trojan.Fortnight.E Delete Failed (file was in an archive)
C:\Documents and Settings\KSB\My Documents\Data Eudora\Old.fol\in_Jan_2003_to Dec_2003.mbx=](message 4076) JS.Trojan.Fortnight.E Delete Failed (file was in an archive)
C:\Documents and Settings\KSB\My Documents\Data Eudora\Old.fol\in_Jan_2005_Dec_2005.mbx=](message 4390) Trojan.Exploit.Html.Iframe.Filedownload.JF Delete Failed (file was in an archive)
===========================
Thank you in advance for any suggestions.
best regards0 -
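An added example, not from the thread and not BitDefender's or Eudora's own code: the scan report above identifies each Eudora message only by number, so this sketch lists every message in an mbox-style file with its position, Date, From and Subject, and flags HTML bodies that contain iframe or script tags. It assumes the scanner numbers messages in file order starting at 1 (unverified; change `first_number` if the counts are off by one) and that messages are separated by `From ` envelope lines following a blank line.

```python
import email
import re
from email import policy

# Heuristic only (not an antivirus signature): tags that make an HTML body "active".
ACTIVE_HTML = re.compile(rb"<\s*(iframe|script)\b", re.IGNORECASE)

def split_mbox(raw):
    """Split mbox bytes on 'From ' envelope lines that follow a blank line."""
    messages, current, prev_blank = [], None, True
    for line in raw.splitlines(keepends=True):
        if prev_blank and line.startswith(b"From "):
            if current is not None:
                messages.append(b"".join(current))
            current = []  # the envelope line is a separator, not message content
        elif current is not None:
            current.append(line)
        prev_blank = line.strip() == b""
    if current is not None:
        messages.append(b"".join(current))
    return messages

def index_mailbox(raw, first_number=1):
    """Map message number -> headers and flags, numbering in file order (assumed)."""
    index = {}
    for number, chunk in enumerate(split_mbox(raw), start=first_number):
        msg = email.message_from_bytes(chunk, policy=policy.default)
        html = [p.get_payload(decode=True) or b"" for p in msg.walk()
                if p.get_content_type() == "text/html"]
        index[number] = {
            "date": str(msg.get("Date", "")),
            "from": str(msg.get("From", "")),
            "subject": str(msg.get("Subject", "")),
            "active_html": any(ACTIVE_HTML.search(body) for body in html),
            "attachments": [p.get_filename() for p in msg.walk() if p.get_filename()],
        }
    return index

# Constructed sample in the assumed envelope style; not data from the thread.
SAMPLE = (
    b"From ???@??? Mon Jan 05 10:00:00 2004\n"
    b"From: alice@example.test\nDate: Mon, 05 Jan 2004 10:00:00 +0000\n"
    b"Subject: Meeting notes\n\nPlain text only.\n\n"
    b"From ???@??? Tue Jan 06 11:30:00 2004\n"
    b"From: unknown@example.test\nDate: Tue, 06 Jan 2004 11:30:00 +0000\n"
    b"Subject: FW: report\nContent-Type: text/html\n\n"
    b"<html><body>See report<iframe src=\"http://example.test/\"></iframe></body></html>\n"
)
```

Run it against a copy of the .mbx file with the mail client closed, e.g. `index_mailbox(open(path, "rb").read())[4037]`; the script only reads bytes and never renders the HTML.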
Hello bushdoctor
When I take a look all these mails are already archived. I recommend that you use this tool. Open the different archives: n_Jan_2004_to_Dec_2004.mbx and so on.
Sort the mails on attachments. You only have to look at mails that have attachments; download these.
It could be that you have to shut down the realtime protection. To do this in older BitDefender versions, right-click on the red BitDefender icon near the system clock, go to Antivirus and press on Real-time Protection.
For the newest products, right-click on the item but choose Open Advanced Settings, go to Antivirus, Shield, and uncheck Realtime Protection; you have to choose for how long you will disable realtime protection.
Best regards
Niels0 -
Thank you, I will give it a try. I download mbx viewer, open the archive, sort by attachments, then download these (I assume it is self-explanatory where to download etc.), and then I assume I will use bitdefender to identify the email messages with the virus, is this correct?
best regards0 -
Hello bushdoctor
Sorry that I linked to the main page. Here is a direct download link. You have to press on external link. Yes you must follow the steps that you said. Most of the time you should look to suspicious (spam) mails.
Best regards
Niels
I had no problems downloading the program. However, I could not open any of the infected mailboxes (files). I kept getting these two error messages:
Error 52 (Bad file name or number) in procedure attachExists of Class Module cMBXConvert
Error 5 (Invalid procedure or argument) in procedure retrieveData of Class Module cMBXConvert
(I typed exactly what the mbx viewer stated).
and a window with an "OK" in it; clicking on OK then brought up another error message, and again, and again, etc. I hit the OK about 100 times and got the same error messages. Seems that the program is looking at each individual email message(?) and with over 6000 email messages this is not practical. I think I confirmed this when I opened another non-infected mailbox and I only had 3 error messages. And mbx viewer numbers each email message so I would be able to find and delete the email message that is infected (I assume mbx viewer numbers by date..... and that this correlates with the way bitdefender numbers the email messages.)
anyway, I am unable to open up any of the infected email mailboxes/files because of these error messages. Do you have a solution for this? Thank you.
[do i have to shutdown bitdefender to use mbx viewer? I do not think so....]0 -
Hello bushdoctor
I suppose that you have closed Eudora. Also take a look in Task Manager: go to Start, Run, type taskmgr, press Enter and kill/quit the eudora.exe process. The problem is also that there aren't many freeware alternatives to open archives. You really need to do that because importing such old archives isn't wise, but you can always do this; normally BitDefender will be able to find the infected mails. I am not a developer of that particular software. Or you can try this alternative. Normally BitDefender has nothing to do with that error message.
Best regards
Niels0 -
Hi Niels
Yes, closed eudora before running mbx viewer. I will try the new download, but first some questions if you do not mind:
1) is the virus in the "email text" running as some kind of ******, or is the virus exclusively in the attachment to the email message?
2) if the virus is in the attachment, why doesn't bitdefender find the virus in my attachment directory/folder?
3) if as you say bitdefender will find infected email messages as long as they are not archives, then I should rename my current "in" box to something like "in2007" and then take turns renaming the "old" archive folders to "in" thereby making the archive files current. Close eudora and run bitdefender. but are you sure that bitdefender will find the infected email message?? I will let you know how it goes.
thank you0 -
Hello bushdoctor
1) They are scripts that are included in the mail.
2) The infections aren't located in attachments because otherwise BitDefender would have mentioned the name of the attachment.
3) BitDefender should detect it. By default only the new mails are scanned, but normally when you perform another scan or the realtime protection is scanning mails you will see which messages are infected. But I don't know if that is also the case in Eudora, whether you now get exact information, I mean the subject of the message.
Best regards
Niels0 -
Dear Niels:
It has been a while but I still have the virus problem. I am able to use mbx viewer to at least locate the date, subject line etc. of the infected message. I then have to go into eudora and delete the emails. I have been mostly successful except that I am now down to 5 viruses that I cannot get rid of. I have tried to delete them at least 6 times (meaning I have deleted the email message that corresponds to the bitdefender email message number) but the viruses keep coming up in other email messages. The viruses are: Exploit.Iframe.Vulnerability (3 of these)
Generic.Peed.Eml.49304E4A
Generic.Peed.Eml.5457C242
I understand that the Iframe is because I do not have the latest windows updates. I would like to clean the computer first and then download the windows updates, but is this impossible? And then what about the Generic.Peed?
any advice would be greatly appreciated.
thank you0 -
Hello bushdoctor
Disable active scripting for non-trusted sites in your browser. It could be a false positive. Upload some samples of the mails that are being detected in your next post, so the virus researchers can take a look at them. It could be that BitDefender realtime protection is denying access to these mails. Try to temporarily disable the realtime protection of BitDefender: if you are using an old BitDefender version (prior to the 2008 products), right-click on the icon and uncheck Realtime Protection. For the newest products, double-click on the BitDefender icon, press on Settings, uncheck Realtime Protection in the Antivirus section and choose 5 minutes.
Best regards
Niels0 -
Niels: I disabled the realtime protection and deleted the email messages that bitdefender identified as viruses, but when I ran bitdefender again the viruses were still there, only in different email messages.
My Internet Explorer's active scripting is disabled for non-trusted sites.
Do you want me to upload the bitdefender scan log? Or actual emails? I do not know how to upload an individual email from eudora...
Please let me know if you have any other suggestions for cleaning these viruses.
thank you0 -
Generic.Peed.Eml.* are detections for spammed mails with the "Storm Worm", as the press worldwide kindly refers to it. You probably actually receive mails with it every day, since it's spammed very tenaciously, and that's why it keeps appearing.
Neither this nor Exploit.Iframe.Vulnerability.* is self-multiplying, so the first thing that comes to mind is that you actually receive new infected mails all the time (which is quite likely).
If you are still in doubt, a rootkit scan might be useful (Peed, for example, does have a rootkit component).0