HTML:IFrame-HM [Trj]
HTML:IFrame-HM [Trj] is a detection for an infected web pages that can harm visiting computers by executing commands unknown to users. HTML:IFrame-HM is injected as a malicious and invisible Iframe into clean web pages.
Alias: Trojan-Downloader.HTML.IFrame.ii, TrojanClicker:HTML/Iframe.H, Mal/Iframe-F, HTML/Iframe.B!Camelot
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
HTML:IFrame-HM [Trj] is a detection for Trojan that attacks web files. It injects invisible Iframe into legitimate web page or files possibly through SQL injection incident. The code is usually found at the end of the compromised HTML file, which is unusual from other Iframe attacks where code occurs at the head of the page.
Malicious Iframe may have the following payload:
- Redirects visitors to another malicious web sites
- Utilize infected web sites for rogue anti-virus campaign
- Hosts other Trojans with similar functionalities
- Execute commands and download files on visitor’s computer
Distribution
The Trojan evolves in computer-to-web site and web site-to-computer mechanism. Infected web site will drop malicious file to victim’s system and steal FTP user name and password to gain web site access. Once it penetrates the web site using infected user’s credential, it injects Iframe code to perform the malicious routine.
How to Remove HTML:IFrame-HM [Trj]
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Open your antivirus application and update the virus definition file. This method ensures that your antivirus program can detect even newer variants of HTML:IFrame-HM [Trj]
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Online Virus Scanner:
Another way to remove HTML:IFrame-HM [Trj] without the need to install additional antivirus application is to perform a thorough scan with free online virus scanner that can be found on websites of legitimate anti-virus and security provider.
5. Go to Online Virus Scanner list and run a virus scan. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan.
6. After completing the necessary download, your system is now ready for online virus scanning.
7. Select an option in which you can thoroughly scan the computer to make sure that it will find and delete entirely all infections not detected on previous scan.
8. Remove or delete all detected items.
9. When scanning is finished you may now restart the computer in normal mode.
STHK
Sep 05, 2009 @ 01:54:59
My anti-virus is giving warning of “HTML:IFrame-JS [Trj]”
when I open any website several times.
How I can get rid of this Trojan?