4 Replies Latest reply on Dec 2, 2011 11:55 PM by LarryLegend

    HTML/IFRAME.GEN

      I have Mcafee Security Center installed on my computer.

       

      I was infected with a Virus know as HTMLIframe.gen virus which was not picked up by Mcafee but by Microsoft Essentials and System Mechanics.

       

      Microsoft removed the virus remotely free of charge.

       

      I am left now with permanently failing hard drive that requires replacement. I am very unhappy McAfee did not pick up or prevent this virus from corrupting my computer and wondering what, if anything can be done to retify this mishap ??

       

      Virus name: HTML/iframe.gen

      Attaches itself to metatags on websites ( not detected by McAfee )

       

      Thanks

        • 1. Re: HTML/IFRAME.GEN
          Peter M

          Unfortunately it's a fact of life that no antivirus software is perfect.  What one catches the other may miss and vice-versa.  That's why there are so many other tools available.

           

          The first insurance against this sort of thing is to be extra careful where you surf and what you click on or download.    Browser early warning systems such as SiteAdvisor come in useful there.

           

          In addition to your antivirus (only have one installed, more can be dangerous) it's always wise to have one or more anti-malware tools hand and updated, just in case.

           

          There are some listed here under '3rd Party Tools': https://community.mcafee.com/docs/DOC-2168

           

          Also it is vital to keep all aspects of your operating system up to date, even any parts you may not use, in particular your browsers, I.E. Firefox etc. and any associated add-ons.   You don't state what OS and service pack this is but I would trust that you are up to date. 

           

          If a scanner misses something and you have a chance to report it to them then it's good to do that.  McAfee has such a system too:  http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx

           

          It is rare for an infection to cause hardware failure and if it happens it's usually because something overheated.   Are you sure that hard drive can't be saved by doing a disk check?

           

          Start/Run and type in chkdsk /r (with the space) or chkdsk X: /r (with the spaces and X being whatever that drive letter is).

           

           

           

           

          .

           

           

           

           

           

           

           

          Message was edited by: Ex_Brit on 30/11/11 7:57:26 EST AM
          • 2. Re: HTML/IFRAME.GEN
            Hayton

            This exploit comes in many different varieties, and you don't specify which one infected your machine. McAfee has a list of at least half a dozen, most of them known about and covered since at least as far back as 2009. It's possible that what you got was a new variant, not yet detected by McAfee.

             

            It's not this piece of malware that necessarily does any damage, it's what else gets downloaded once it's installed.

            Eset - HTML-Iframe.B.Gen.png

            1 of 1 people found this helpful
            • 3. Re: HTML/IFRAME.GEN
              Nitin Kumar

              Hi,

               

              Please submit this sample <http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx > , It must be in quarantine folder.

               

              Regards,

              Nitin Kumar

              McAfee SME

              • 4. Re: HTML/IFRAME.GEN

                Actually is not being picked up by McAfee. System Mechanics is picking it up on my computer.

                 

                File name being blocked at the moment is this:

                 

                USERS \APPDATA\ LOCAL\ MICROSOFT WINDOWS\ TEMPORARY INTERNET FILES\ LOW \CONTENT.IE5\ S8RP4V98\AC@BOTTOM3[1].HTM

                 

                This is only a generic name ( not the actual file downloaded )

                 

                The numbers after CONTENT.IE5 change each time it is blocked but everything else remains the same.

                 

                I have looked for and tried to erase these files. They are embedded pretty good in there.

                 

                If can isolate the actual files I will submit them to the labs so this doesn't occur to others!