HTML:IFrame-JS [Trj]

HTML:IFrame-JS [Trj] is a detection for a Trojan that injects itself as an IFrame on web page main file. This infection may lead to malicious actions such as browser redirection and downloading of other web-based malware and backdoor Trojan on to the computer. This attack is vice-versa, meaning computer can infect a web site or web site may infect the computer.

Web site to computer infection
When user visited an infected web site, resident Trojan will look for software vulnerabilities on visitor’s computer, usually on this attack they targeted Adobe Acrobat Reader and Internet browser’s security flaw. Utilizing an IFrame tag with malicious Java Script, Trojan attempts to gain access to the system. Then, it injects malicious codes to the system and start monitoring victims Internet activities.



Computer to web site infection
Trojan on your computer will monitor any activities relevant to Internet usage. It steals information such as user name and passwords on all your online account and this includes access to web hosting control panel if you are a webmaster. Typically, it collects File Transfer Protocol (FTP) accounts from victims PC. Using the stolen account, Trojan will access the web site’s control panel and infects main web files like main, default, index, and home. Next, Trojan will embed a malicious Java script code that will process ‘web site to computer infection.’

How to know if your web site is infected
Aside from complaints you may receive from disturbed visitors, built-in web site blocking mechanism of Internet browser’s will alarm you for imminent danger when visiting a compromised site. Manually inspecting your web site files and witnessing a presence of encrypted Java Script code signifies the presence of HTML:IFrame-JS [Trj].

How to recover from HTML:IFrame-JS [Trj] infection
1. First, you have to clean the computer. Run a virus scan and delete all detected threats. See the guide below on how to effectively clean the system.

2. Disconnect your Internet connection and remove any configuration that automatically saves your FTP password.

3. If you are confident that your computer is free from threats, access your web host control panel and change your FTP password.

4. While still on control panel, explore your main file (index.htm, home.htm etc…) and delete the unwanted Java Script code.

5. Back at your PC, ensure that all necessary software updates are installed, particularly antivirus program. It is safer not to configure your FTP program to ‘remember your password.’

How to Remove HTML:IFrame-JS [Trj]

NOTE: We suggest that you PRINT or BOOKMARK this guide. There are steps that we may have to restart the computer in order to successfully remove the threat.

Step 1 : Run a scan with your antivirus program

1. First thing you should do is reboot the computer in Safe Mode with Networking to avoid HTML:IFrame-JS [Trj] from loading at start-up.

Remove all media such as Memory Card, cd, dvd, and USB devices. Then, restart the computer and please do the following:

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.
b) It will display the Advanced Boot Options menu. Select Safe Mode.

Start computer in Safe Mode using Windows 8 and Windows 10
a) Close any running programs on your computer.
b) Get ready to Start Windows. On your keyboard, Press and Hold Shift key and then, click on Restart button.
c) It will prompt you with options, please click on Troubleshoot icon.
d) Under Troubleshoot window, select Advanced Options.
e) On next window, click on Startup Settings icon.
f) Lastly, click on Restart button on subsequent window.
g) When Windows restarts, present startup options with numbers 1 - 9. Select "Enable Safe Mode with Networking" or number 5.

Startup Options

h) Windows will now boot on Safe Mode with Networking. Proceed with virus scan as the next step.

2. Once Windows is running under Safe Mode with Networking, open your antivirus program and download the most recent update. This method ensures that your antivirus program can detect even newer variants of HTML:IFrame-JS [Trj].

Updating your antivirus software is a one-click process. Please refer to your software manual for complete instructions.

3. Once updating is finished, run a full system scan. After the scan, delete all infected items. If unable to clean or delete, better place the threat in quarantine.

Step 2: Run another test with Norton Power Eraser

1. Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.

NPE Download

4. Once the file is downloaded, navigate its location and double-click on the icon (NPE.exe) to launch the program.
5. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.
6. On NPE main window, click on Advanced. We will attempt to remove HTML:IFrame-JS [Trj] components without restarting the computer.

Advance Scan

7. On next window, select System Scan and click on Scan now to perform standard scan on your computer.

Scan the System

8. NPE will proceed with the scan. It will search for Trojans, viruses, and malware like HTML:IFrame-JS [Trj]. This may take some time, depending on the number of files currently stored on the computer.

9. When scan is complete. All detected risks are listed. Remove them and restart Windows if necessary.

Alternative Removal Methods for HTML:IFrame-JS [Trj]

Option 1 : Use Windows System Restore to return Windows to previous state

During an infection, HTML:IFrame-JS [Trj] drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

Access System Restore on Windows XP, Windows Vista, and Windows 7

a) Go to Start Menu, then under 'Run' or 'Search Program and Files' field, type rstrui.
b) Then, press Enter on the keyboard to open System Restore Settings.


Open System Restore on Windows 8

a) Hover your mouse cursor to the lower left corner of the screen and wait for the Start icon to appear.
b) Right-click on the icon and select Run from the list. This will open a Run dialog box.
c) Type rstrui on the 'Open' field and click on OK to initiate the command.


If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.


About Marco Mathew

Marco Mathew works as Windows Network administrator before establishing Now, Marco is dedicating full-time to help computer users' fight viruses, malware, trojan, worms, adware, and potentially unwanted programs.


  1. AvatarDn.net7

    I bought a product but is infected with malware JS: Iframe-JI [Trj]. when I download my antivirus Avast detected.
    So I did not go soon abondonei

  2. AvatarB. Fulr

    Avast had detected the Iframe-bsf [trj] on my computer and has placed it in a quarantine chest. Is that sufficient? Will placing this in quarantine be enough to keep my computer safe?
    Also, is there any way to know what web page gave my computer a virus?
    Thank you

Leave a Comment

Your email address will not be published. Required fields are marked *