Technical Support and Feedback - Possible virus in content on front page
OverThereTooMuch
Apr 3, 12, 6:14 am
I've hit it multiple times last night and now again today, only on www.flyertalk.com (just the front page). I'm using IE9 on Win7 SP1 X64 with the Fanboy & EasyPrivacy TPL's/ad-blockers.
Microsoft Forefront Endpoint Protection 2010 is flagging something as "Trojan:JS/IframeRef". That doesn't appear to be a recent threat, and fortunately the software removes it. But you might want to have a look.
mwk190
Apr 11, 12, 3:40 pm
Win 7 Professional 32-bit. Getting same trojan hit only on front page from Forefront Client Security with definitions 1.123.1537.0. IT reimaged machine and it still happens.
soupcxan
Apr 15, 12, 12:06 pm
I am having the same issue with MSE flagging JS/iframeref on the www.flyertalk.com home page. Is anything being done about this?
jeffcarp
Apr 16, 12, 9:38 am
Same here, with Forefront Security as well. My corporate IT guys are going to block this site now. What is going on?
IBobi
Apr 16, 12, 11:18 am
Same here, with Forefront Security as well. My corporate IT guys are going to block this site now. What is going on?
I am having the same issue with MSE flagging JS/iframeref on the www.flyertalk.com home page. Is anything being done about this?
Could those who are seeing this warning refresh their browsers and see if it's something cached locally? CTRL-F5. We're seeing so few reports of this I'm loath to think it's something on our home page, but we'll look again. Tech hasn't seen anything over the last couple of weeks.
jeffcarp
Apr 16, 12, 2:19 pm
I just completely deleted all my temporary Internet files and cookies, closed my browser, rebooted and went back to FlyerTalk's main page. Boom. I immediately got a warning from Microsoft Forefront Endpoint Protection for Trojan:JS/IframeRef.
If I enter the site through a URL that takes me directly to a specific forum, I do NOT get the warning. There is something on the main page that is happening.
jeffcarp
Apr 16, 12, 2:28 pm
Here is the technical commentary for this:
Technical Information (Analysis)
Exploit:HTML/IframeRef.gen is generic detection for specially formed IFrame tags that point to remote Web sites containing malicious content, for example malicious Javascript containing an exploit for a specific vulnerability.
Installation
An IFRAME is a valid HTML element which allows content from a separate page or Web site to be embedded in other Web site pages. In the case of Exploit:HTML/IframeRef.gen, a malicious IFrame is appended at the end of local html files. The rendered IFrame may be only one pixel in length to avoid being spotted by the user.
Exploit:HTML/IframeRef.gen requires that a user view or visit the Web sites or open the HTML page in order for malicious action to occur.
marklyon
Apr 28, 12, 8:16 pm
I'm seeing it on several brand new computers that have never visited flyertalk.
AVG Reports:
Threat Blocked
powerpint.net/in.cgi?2
Virus identified, HTML/Framer.FM (more)
wharvey
Apr 29, 12, 7:27 am
My computer has never been the same since I started having the powerpint.net errors.
I have tried several programs to try and eradicate the problem... but my computer will not return to its former speed. Not sure what to do... very disappointed.
empedocles
Apr 29, 12, 4:16 pm
I'm getting a hit on the front page this weekend. Avast reports the URL as (spaces added):
http:// ui.ibsrv.net /ibsrv /res /src:www.flyertalk.com /get /js /nav.js
RadioGirl
May 1, 12, 1:31 am
Could those who are seeing this warning refresh their browsers and see if it's something cached locally? CTRL-F5. We're seeing so few reports of this I'm loath to think it's something on our home page, but we'll look again. Tech hasn't seen anything over the last couple of weeks.
Anything happening to fix this? Other people (at other sites) are reporting getting malware warnings when they come to FT.
Tech is still looking into this; we are not seeing the warnings on our end, so they're trying to get as much info as possible on browser type/version and which page(s) on FT you're seeing the warning on.
It looks like some users' browsers cached an infected file: nav.js.
Please purge your cache. We will do the same on our end. If this does not cause the warning to disappear, let me know and we'll dig deeper.
Any new warning messages? Did we lick it?
RadioGirl
May 3, 12, 6:18 pm
I had a super-nasty virus infection in March (not, AFAIK, from FT) which required reimaging and reinstalling huge amounts of software and data, twice. I'm not risking another virus to check whether this works. Surely there are other ways to check rather than asking FTers to take the risk.