10-20-2009 04:45 PM
I have received a message from Trend Micro that my computer has been infected by the virus Mal Hifrm. The infected file is C:\...\.htm. The virus could not be quarantined or cleaned. I cannot locate this file to delete it or add to quarantined files. Can anyone help? Thank you.
Solved! Go to Solution.
10-21-2009 08:10 AM
Hi, can you post your Virus log on this post so we'll know the virus location? Here's how to get the virus log:
11-10-2009 06:35 AM
Any webpage you view gets saved (will have the extension .htm) in your Temporary Internet Files Folder which is a system protected/hidden folder that's why the infected file cannot be quarantined/deleted.
Just clear your Temporay Internet Files Folder from Internet Explorer's Option.
11-04-2010 02:57 PM
Temporary Internet Files\Content.IE5\UWKETWOS\Sub_Iframe_CM_non_freq_
01-17-2012 04:08 AM
We're using Office Scan 10.5 to protect our corporate network and have had Office Scan alert to Mal_Hifrm being detected recently. This has happened to several different users in different buildings over the past few weeks. It's always detected in the Internet Explorer cache and all the users have been performing a search on the same website (don't know if I should mention the site or not but it's a business web site) when the alert occurs. I clear their cache and perform a manual scan which always comes back clean. The Trend Encyclopedia tells me this is a heuristic detection and I cannot replicate the alert by going to the website myself and performing a search. It appears to happen randomly as far as user, time, frequency of site visit, etc., but always at this one website. My question is who should I take this to? Do I submit a ticket or false positive submission to Trend or should I alert the web site owner?
01-17-2012 05:08 AM
Just follow the below instructions and your problem will be solved...
Download ComboFix from the any of the locations given in this website:
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named )
First we will run a virus scan
Click the cog in the upper right
Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
01-20-2012 06:44 AM
malwarekiller, I appreciate you trying to help those with serious infections but I don't see how this post falls in that category? Your answer doesn't seem to answer the OP's question.
dracauisec, I use OSCE 10.6 and get the same occasional detections with the same scan results and am interested as well in what the suggested course of action would be from a Trend employee.
01-20-2012 06:53 AM - edited 01-20-2012 06:55 AM
As u see...the OP said that every time he clears the cache and the alert comes again on opening IE....
So i am advising him on how to get rid of it...
06-07-2012 01:48 AM
Trying to log in to the Chinese medicines agency I used the address www.sfdachina.com/info/64-1.html (or sfdachina.com) which instantly gave an alarm from Trend Office. (MAL-HIFRM) (Correct address www.sfda.gov.cn ). I have a strong feeling that something got through anyway, and had a lot of trouble cleaning the PC. But did I get rid of all the problems? Trend scanning hangs the computer even after reinstall. Something bound to my user profile...
Any thoughts? And dont start the first link unless you are prepared....