Stone Esquire
rfrie63617
Posts: 1
Registered: ‎10-20-2009
Accepted Solution

Mal Hifrm virus

I have received a message from Trend Micro that my computer has been infected by the virus Mal Hifrm. The infected file is C:\...\[1].htm. The virus could not be quarantined or cleaned. I cannot locate this file to delete it or add to quarantined files. Can anyone help? Thank you.

Stone Kendo
redalert
Posts: 104
Registered: ‎08-17-2009

Re: Mal Hifrm virus

Hi, can you post your Virus log on this post so we'll know the virus location? Here's how to get the virus log:

http://esupport.trendmicro.com/Pages/How-to-view-and-export-virus-scan-logs-using-Trend-Micro-Intern...
TEKIAMI
monk3ybidzness
Posts: 18
Registered: ‎10-22-2009

Re: Mal Hifrm virus

Any webpage you view gets saved (will have the extension .htm) in your Temporary Internet Files folder, which is a system-protected/hidden folder; that's why the infected file cannot be quarantined/deleted.

Just clear your Temporary Internet Files folder from Internet Explorer's Options.

Stone Esquire
chamqh
Posts: 1
Registered: ‎11-04-2010

Mal_Hifrm

Aliases: Trojan.Dowiex!inf (Symantec), Troj/Fujif-Gen (Sophos), Trojan-Downloader.HTML.Agent.bp (Kaspersky), HTML/IFrame.Agent.E (Avira), HTML/IFrame (exact) (F-Prot)

In the wild: Yes

Overall risk rating:


Description: 

This is the Trend Micro heuristic detection for suspicious files that manifest similar behavior and characteristics as the following malware:

  • HTML_IFRAME   Mal_Hifrm

If your Trend Micro product detects a file under this detection name, do not execute the file. Delete it immediately especially if it came from an untrusted or an unknown source (e.g., a Web site of doubtful nature). However, if you have reason to believe that the detected file is non-malicious, you can submit a sample for analysis. Detailed analysis will be done on submitted samples, and corresponding removal instructions will be provided, if necessary.

I don't know how to get rid of it. Please help, thanks

Temporary Internet Files\Content.IE5\UWKETWOS\Sub_Iframe_CM_non_freq_pixel_10112010[2].htm

Stone Esquire
dracauisec
Posts: 1
Registered: ‎01-17-2012

Mal_Hifrm alerts

We're using Office Scan 10.5 to protect our corporate network and have had Office Scan alert to Mal_Hifrm being detected recently. This has happened to several different users in different buildings over the past few weeks. It's always detected in the Internet Explorer cache and all the users have been performing a search on the same website (don't know if I should mention the site or not but it's a business web site) when the alert occurs. I clear their cache and perform a manual scan which always comes back clean. The Trend Encyclopedia tells me this is a heuristic detection and I cannot replicate the alert by going to the website myself and performing a search. It appears to happen randomly as far as user, time, frequency of site visit, etc., but always at this one website. My question is who should I take this to? Do I submit a ticket or false positive submission to Trend or should I alert the web site owner?
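
Added example, not part of any post in this thread and not Trend Micro's detection logic: a triage aid for alerts like the ones described above. It walks a copy of the browser cache folder, finds iframes that are hidden or 1x1, and lists the host each one loads from, which is the detail to pass to the vendor or the site owner. The hiding criteria, the function names and the sample hosts are assumptions.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hidden = 0/1-pixel size or hiding CSS; not Trend Micro's heuristic.
TINY = {"0", "1", "0px", "1px"}
HIDING_CSS = ("display:none", "visibility:hidden")

# Constructed sample page; the hosts are placeholders, not from the thread.
SAMPLE = """<html><body><h1>Search results</h1>
<iframe src="http://widgets.example/map" width="600" height="400"></iframe>
<iframe src="http://pixel.example/t.htm" width="1" height="1"></iframe>
<IFRAME SRC="//cdn.example/x" STYLE="display: none"></IFRAME>
</body></html>"""

class IframeFinder(HTMLParser):
    """Collects (src, reason) for every iframe that looks hidden."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        style = a.get("style", "").lower().replace(" ", "")
        reasons = [css for css in HIDING_CSS if css in style]
        if {a.get("width", "").lower(), a.get("height", "").lower()} & TINY:
            reasons.insert(0, "tiny size")
        if reasons:
            self.hits.append((a.get("src", ""), ", ".join(reasons)))

def hidden_iframes(html):
    finder = IframeFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

def scan_cache(root):
    """Walk a cache folder; return {path: [(iframe host, reason), ...]}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith((".htm", ".html"))):
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = hidden_iframes(fh.read())
            if hits:
                report[path] = [(urlparse(s).netloc or s, r) for s, r in hits]
    return report
```
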

Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: Mal_Hifrm alerts

Welcome aboard!

Just follow the below instructions and your problem will be solved...

Download ComboFix from any of the locations given in this website:

  • IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply at your topic.

NEXT

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post

—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Honored Noble
galbicka
Posts: 165
Registered: ‎02-26-2010

Re: Mal_Hifrm alerts

malwarekiller, I appreciate you trying to help those with serious infections but I don't see how this post falls in that category? Your answer doesn't seem to answer the OP's question.

dracauisec, I use OSCE 10.6 and get the same occasional detections with the same scan results and am interested as well in what the suggested course of action would be from a Trend employee.

Legendary Noble
malwarekiller
Posts: 3,967
Registered: ‎08-08-2011

Re: Mal_Hifrm alerts

As you see... the OP said that every time he clears the cache and the alert comes again on opening IE....

So I am advising him on how to get rid of it...

Honored Noble
galbicka
Posts: 165
Registered: ‎02-26-2010

Re: Mal_Hifrm alerts

I don't read where the OP says that so I guess we are translating the question differently.

Stone Esquire
woss
Posts: 1
Registered: ‎06-01-2012

Chinese malware...

Trying to log in to the Chinese medicines agency I used the address www.sfdachina.com/info/64-1.html (or sfdachina.com) which instantly gave an alarm from Trend Office. (MAL-HIFRM) (Correct address www.sfda.gov.cn). I have a strong feeling that something got through anyway, and had a lot of trouble cleaning the PC. But did I get rid of all the problems? Trend scanning hangs the computer even after reinstall. Something bound to my user profile...

Any thoughts? And don't start the first link unless you are prepared....
