Hello, can anyone advise me please?
I picked up Trojan-Clicker.HTML.IFrame.9v, ZA seemed to pick it up soon after it arrived as a scan was not scheduled for that time.
I wondered if there is any way to identify which site delivered it. I was looking for footstools; I saw a couple I liked but I'm now reluctant to return to any of them.
A search showed a similar question (6-4-2008 Thread 3945) but the poster was using Firefox; I use Internet Explorer 7.0 5730 11 so assume the solution didn't apply.
Like the last poster I have since cleaned the cache so may well have lost any trace.
Operating System: Windows XP Pro
Product Name: ZoneAlarm Internet Security Suite
If the html file is deleted by the cleaning of the browser's cache, then it is too late.
If the file was still there, it could be read and the site or the files pointed to could be seen.
Myself I use webwasher classic and privoxy; both log all files for the browser so I do have complete records, but still the actual file would have to be read and the included iframe file/locations would then point to the possible bad site or involved bad files or what the possible threat really was all about in the first place.
Usually if the resident scanner kicks in and says the file in the browser's cache is malicious, I comply and let it delete the file.
Thanks for your reply. I don't have either of the programmes you mentioned.
As you say, I seem to have destroyed the evidence by cleaning the cache.
If it happens again how would I go about tracking down the offending site, before cleaning up any temporary files please?
The IE can block iframes and frames if configured in its Tools.
First find the exact html in the browser cache as defined by the antivirus full time scanner.
Open the html with the notepad, not the browser.
Look for the iframe tags in that page.
Then look for either the incorrect source url in the code or that is the correct url and it is the link to the malicious server or file.
Invisible IFrames will usually include dimensions that are similar to web bug sizes (1x1, 1x2, 2x1, 1x100, etc), but still linked back to a URL or a specific file of a server.
If the browser did manage to download the malicious file, it still will be located in the browser's cache.
Lots of work to find the bad code in the files of the browser.
Message Edited by Oldsod on 07-02-2008 04:45 PM
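The manual check described in the post above (read the cached page as text, find the iframe tags, note tiny or hidden ones and where their src points) can be scripted. This is an added example, not code from the thread; the 2-pixel threshold, the function names and the sample page are assumptions made for illustration.

```python
import re
import sys
from html.parser import HTMLParser
from pathlib import Path

TINY_PX = 2  # assumption: a width or height of 0-2 px counts as invisible
# Constructed sample page (not from the thread): one normal banner, two hidden frames.
SAMPLE = """<html><body>
<iframe src="http://shop.example.invalid/banner.html" width="468" height="60"></iframe>
<iframe src="http://bad.example.invalid/x.html" width=1 height=1 frameborder=0></iframe>
<IFRAME SRC="http://bad.example.invalid/y.html" style="visibility: hidden"></IFRAME>
</body></html>"""

def _pixels(attrs, style, name):
    """Pixel size from the attribute or the inline style; None if absent or not in px."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", attrs.get(name, ""), re.I)
    if not m:
        m = re.search(r"(?:^|;)\s*%s\s*:\s*(\d+)\s*px" % name, style, re.I)
    return int(m.group(1)) if m else None

class IframeFinder(HTMLParser):
    """Collects every <iframe> with its src, line number and a 'suspicious' flag."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # the parser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "")
        sizes = [_pixels(a, style, n) for n in ("width", "height")]
        tiny = any(s is not None and s <= TINY_PX for s in sizes)
        hidden = bool(re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", style, re.I))
        self.frames.append({"src": a.get("src", ""), "line": self.getpos()[0],
                            "width": sizes[0], "height": sizes[1], "suspicious": tiny or hidden})

def find_iframes(html_text):
    """Parse the page as text only (nothing is fetched or rendered) and list its iframes."""
    finder = IframeFinder()
    finder.feed(html_text)
    finder.close()
    return finder.frames

if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE
    for f in find_iframes(text):
        print(f"line {f['line']}: {'SUSPICIOUS' if f['suspicious'] else 'ok'} src={f['src']!r}")
```

Run it with the path of a copy of the flagged cache file as the only argument; with no argument it scans the constructed sample.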
Thanks for the information Oldsod.
Your post got me to have a look at my privacy settings and as a result I found that some things, like third party cookies that I thought were blocked, were not. I will look at filtering as you suggest.
Many thanks again for your help.
It kinda stinks that we both had the same problem just looking at regular stuff, you a stool and me some classes and products.
Hope things are fixed.