HTML:IFrame-HM [Trj]
If your computer is infected with HTML:IFrame-HM [Trj], you may follow the procedure on this page to contain this threat. Remove the Trojan at once before it can further harm the system.
HTML:IFrame-HM [Trj] is a detection for an infected web pages that can harm visiting computers by executing commands unknown to users. This Trojan is injected as a malicious and invisible Iframe into clean web pages. Typically, it starts the attack by searching the infected computer for File Transfer Protocol (FTP) user name and passwords. It then uses the gathered credential to login to web servers and infect a web file. A code will be inserted to the header part of the web page that runs a script in order to infect visitor’s computer.
Alias: Trojan-Downloader.HTML.IFrame.ii, TrojanClicker:HTML/Iframe.H, Mal/Iframe-F, HTML/Iframe.B!Camelot
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
HTML:IFrame-HM [Trj] is a detection for Trojan that attacks web files. It injects invisible Iframe into legitimate web page or files possibly through SQL injection incident. The code is usually found at the end of the compromised HTML file, which is unusual from other Iframe attacks where code occurs at the head of the page.
Malicious Iframe may have the following payload:
- Redirects visitors to another malicious web sites
- Utilize infected web sites for rogue anti-virus campaign
- Hosts other Trojans with similar functionalities
- Execute commands and download files on visitor’s computer
Distribution
The Trojan evolves in computer-to-web site and web site-to-computer mechanism. Infected web site will drop malicious file to victim’s system and steal FTP user name and password to gain web site access. Once it penetrates the web site using infected user’s credential, it injects Iframe code to perform the malicious routine. Basically, it greatly affects those users who are maintaining a web site. Thus, it is important to refrain from saving user name and passwords when accessing web-hosting accounts.
How to Remove HTML:IFrame-HM [Trj]
NOTE: We suggest that you PRINT or BOOKMARK this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.
Step 1 : Scan and remove HTML:IFrame-HM [Trj] with this special tool
This guide requires a tool called Malwarebytes' Anti-Malware. It is a free tool designed to eradicate various computer infections including HTML:IFrame-HM [Trj]. MBAM scanner and malware removal tool is distributed for free.
1. In order to completely remove HTML:IFrame-HM [Trj], it is best to download and run the recommended tool. Please click the button below to begin download.
2. After downloading, double-click on the file to install the application. If you are using Windows Vista or Windows 7, right-click on the file and select 'Run as administator' from the list.
3. When User Account Control prompts, please click Yes to proceed with the installation.
4. Follow the prompts and install as 'default' only. There are no changes needed during the installation process.
5. Before the installation procedure ends, MalwareBytes Anti-Malware will ask for database update, please proceed.
6. Click Finish button after installation. Program will run automatically run and you will be prompted to update if newer version of database is available.
7. At this moment, close MalwareBytes Anti-Malware and proceed with the next step.
Step 2 : Run a scan with your antivirus program
1. Repeat the process of starting Windows in Safe Mode with Networking.
2. Open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of HTML:IFrame-HM [Trj].
Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.
3. Once updating is finished, run a full system scan on the affected PC. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.
Step 3: Run another test with online virus scanner
Another way to remove HTML:IFrame-HM [Trj] without the need to install additional antivirus software is to perform a thorough scan with free online virus scanner. It can be found on websites of legitimate antivirus and security provider.
1. Click the button below to proceed to the list of suggested Online Virus Scanner. Choose your desired provider. You can run each scan individually, one at a time, to ensure that all threats will be removed from the computer. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
2. After completing the necessary download, your system is now ready to scan and remove HTML:IFrame-HM [Trj] and other kinds of threats.
3. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
4. Remove or delete all detected items.
5. When scanning is finished, you may now restart the computer in normal mode.
Alternative Removal Procedures for HTML:IFrame-HM [Trj]
Option 1 : Use Windows System Restore to return Windows to previous state
If HTML:IFrame-HM [Trj] enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before HTML:IFrame-HM [Trj] infiltrates the PC, we highly encourage you to execute this procedure if none of the above works.
To verify if System Restore is active on your computer, you can type system restore into the Start menu search box. Typing rstrui on the same box and pressing Enter also opens this function.
If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.
Ways to Prevent HTML:IFrame-HM [Trj] Infection
Take the following steps to protect the computer from threats. Suggested tools and security setup within installed software helps prevent the same attack on your PC.
Install an effective anti-malware program
Your first line of defense would be an effective security program that provides real-time protection. We have a list of anti-malware program that are tried and tested. It does not only scan files but also monitors your Internet traffic and is extremely active on blocking malicious communication. Click on the button below to download our recommended anti-malware program.
STHK
Sep 05, 2009 @ 01:54:59
My anti-virus is giving warning of “HTML:IFrame-JS [Trj]”
when I open any website several times.
How I can get rid of this Trojan?
Jaime
Jul 15, 2012 @ 20:32:30
Hello,
I had the same problem across all websites hosted on my server. Over 20 websites. What a mess!! It attacks your JS folders/files. However, searching over and over again on the internet did not help me resolve the issue! I found some very well written lengthy intelligent comments on ideas for removal but, nothing helped. This is in fact VERY easy to get rid of. I decided to simply overwrite all the files that were infected with the original files. DONE. That easy.
Make sure your virus software is running (I use avast). So, every time you refresh your infected site, avast will pop up a message and tell you where the file is located that is infected. Then you simply log into your FTP (I use Filezilla) and then overwrite the file that is infected with the original file. Then you refresh your website again, find the next infected file etc…until it’s gone! Good luck to everyone! I hope this helps. ~JK