Please help: JS/Loding.B & HTML/IFrame_Exploit


3 replies to this topic

#1 nessu

Posted 09 July 2004 - 08:43 AM

Hi:

I ran the free RAV online scan for the first time yesterday and found several instances of "JS/Loding.B" and one "HTML/IFrame_Exploit". RAV would not clean them. The JS/Loding.B infections were located in the C:\Windows\Temporary Internet Files\Content IE5, and HTML/IFrame_Exploit was found once in a Windows Application file that includes my full email address--it looks something like this: "C:\Windows\Application\myemailname-myisp-com" with some random characters added.

The weird thing is, the JS/Loding files are 3 YEARS OLD and I've had no symptoms of a virus. I ran this scan only because I'm switching AV programs and want to be sure my computer is clean. I have in the past run other online scans--Panda, Trendmicro, Trojanscan--and have come up clean. NAV has also never found any virii on my system. A google search on these infections was inconclusive.

Please let me know if you have any info on these. Are they virii/worms/trojans? Could this be a false positive? If not, what do I need to do to get rid of them? I've heard that clearing out the Content IE5 files has harmed some users' systems--I don't know if this is accurate info. Thank you for your advice. (System info: NAV, ZoneAlarm free, Adaware, Spybot S&D, SpywareBlaster, IESpyad, and IE6.)


#2 ColdinCbus

Posted 09 July 2004 - 09:28 AM

To clear out those files, in IE, click on Tools -> Internet Options.
Under the Temporary Internet Files section, click Delete Files.


Regarding the HTML/IFrame_Exploit, here is the fix from Microsoft.
http://www.microsoft.com/windows/ie/downlo...108/default.asp

Edited by ColdinCbus, 09 July 2004 - 09:29 AM.


#3 nessu

Posted 09 July 2004 - 10:08 AM

Thank you for your response, but I forgot to add--I have applied all my security patches--Windows Update shows nothing to be downloaded. Also, I have already emptied my temporary files using that method--Tools, Internet Options, Delete Cookies, Delete Files...

#4 raw

Posted 09 July 2004 - 05:54 PM

"NAV has also never found any virii on my system."

It never finds any on my clients' computers either, but other AVs do, so don't trust Norton.
Now as for JS/Loding.B:
Loding.B is an e-mail worm which, like VBS.Loading.A, spreads a link to a location of the code (instead of the code itself).

The worm is activated upon visiting a web site containing the worm script, an html page loading and executing it.

When activated the worm sends an e-mail to all addresses found in all located lists on a user's system.

The Subject line of the message reads:

" Hi ! "

The message body reads:

" Hi, how are you ? I am fine here. Please read the page
[the url to an affected site ] to get some knowledge and prevent
somebody hack you. Forword this mail to help all your friends too."


Also, Loding.B changes the Internet Explorer Start Page and points it to the affected site.

I delete the C:\Windows\Temp Internet folder regularly and Windows puts a new one back when the browser restarts. If you are still unsure about deleting the whole folder, just right-click each infected file and delete each one (might need Safe Mode). You did not say which version of Windows you're using.

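Added example, not part of the thread and not any AV vendor's signature: a small Python check that flags saved mail messages carrying the Loding.B subject and body text quoted in post #4. The sample messages, the example.org address and the affected-site.example URL are constructed placeholders.

```python
import re
from email import message_from_string, policy

# Markers taken from the worm message quoted in post #4.
SUBJECT_MARKER = "hi!"
BODY_MARKERS = (
    "to get some knowledge and prevent somebody hack you",
    "forword this mail to help all your friends too",
)

# Constructed sample messages (addresses and URL are placeholders).
SAMPLE_LURE = (
    "From: friend@example.org\n"
    "Subject:  Hi ! \n"
    "\n"
    "Hi, how are you ? I am fine here. Please read the page\n"
    "http://affected-site.example/ to get some knowledge and prevent\n"
    "somebody hack you. Forword this mail to help all your friends too.\n"
)
SAMPLE_BENIGN = (
    "From: friend@example.org\n"
    "Subject: Hi!\n"
    "\n"
    "Are we still on for lunch on Friday?\n"
)

def _squash(text):
    """Lowercase and collapse whitespace so line wrapping cannot hide a phrase."""
    return re.sub(r"\s+", " ", text).strip().lower()

def loding_b_indicators(raw_message):
    """Return the Loding.B lure markers found in one raw mail message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    # Ignore spacing in the subject so " Hi ! " and "Hi!" compare equal.
    if _squash(str(msg.get("Subject", ""))).replace(" ", "") == SUBJECT_MARKER:
        hits.append("subject")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = _squash(part.get_content()) if part is not None else ""
    hits += [marker for marker in BODY_MARKERS if marker in body]
    return hits

def looks_like_loding_b(raw_message):
    """Flag on a body marker; the short subject alone is too common to alert on."""
    return any(hit != "subject" for hit in loding_b_indicators(raw_message))

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, looks_like_loding_b(raw), loding_b_indicators(raw))
```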




