Trojan.IFrame.BI

MEDIUM
MEDIUM
varies

Symptoms

This is a script virus and, due to its generic nature, there are no obvious symptoms. However, unusual Internet traffic might be observed, as well as suspicious running processes and unwanted files.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Cristian Lungu, virus researcher

Technical Description:

Trojan.IFrame.BI is a small piece of HTML code that opens a hidden browser window from the following addresses:
http://(removed)/in.cgi?6
http://(removed)/~fen0men/ice/index.php
http://(removed)/in.cgi?2
http://(removed)/tds.php?th=345
http://(removed)/counter.php
http://(removed)/berbj/snow.php?adv=845
http://(removed)/check/upd.php?t=599
http://(removed)/tds/in.cgi?2
http://(removed)/if/preif.php

These addresses contain other Trojan.IFrames that are chained together and ultimately redirect to a number of exploit scripts that download and install trojans. Due to the complex chaining system that this Trojan.IFrame uses, the exploit scripts and the Trojans that they download may change.
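
Site owners can check served pages for the hidden-iframe pattern described above. The following is an added example, not Bitdefender's detection logic or code from this page: it reports iframes hidden by size or style and notes when the source is on another host or uses a script name from the address list above. The sample markup, the hosts and the names `find_hidden_iframes` and `HiddenIframeFinder` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Script names taken from the redacted URLs listed on this page.
PAGE_SCRIPTS = {"in.cgi", "tds.php", "counter.php", "snow.php", "upd.php", "preif.php"}
TINY = re.compile(r"^\s*[01](?:px)?\s*$", re.I)
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:^|[;\s])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class HiddenIframeFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if any(TINY.match(a[d]) for d in ("width", "height") if d in a):
            reasons.append("zero-size attribute")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden via style")
        if not reasons:
            return  # visible iframes are not reported
        src = urlparse(a.get("src", ""))
        if src.hostname and src.hostname != self.page_host:
            reasons.append("third-party host")
        if src.path.rsplit("/", 1)[-1] in PAGE_SCRIPTS:
            reasons.append("script name listed on page")
        self.findings.append((a.get("src", ""), reasons))

def find_hidden_iframes(html, page_host):
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; hosts are placeholders.
SAMPLE = """<html><body><p>Welcome</p>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="http://a.example.net/tds/in.cgi?2" width="0" height="0"></iframe>
<iframe src="http://b.example.net/counter.php" style="visibility: hidden"></iframe>
</body></html>"""
if __name__ == "__main__":
    for src, reasons in find_hidden_iframes(SAMPLE, "www.example.com"):
        print(src, "->", ", ".join(reasons))
```

Because the chained destinations change, the hidden-frame signals are the durable part of this check; the script-name match only adds context to a finding.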