Occasional Visitor
emol
Posts: 1
Registered: ‎09-14-2011
0

difficulty in manually removing virus

Sophos detected this threat today: Mal/frame-AA - I am supposed to manually remove it, but when I open the Quarantine Manager and attempt to manually remove it, the option 'clean up threat' stays grey - can anyone advise? Should I go to the virus, whose location is identified by Quarantine Manager, and just delete it? Will that work? Thanks in anticipation - I have an Apple MacBook, OS X 10.6.8.

best regards

Ed Moloney

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: difficulty in manually removing virus

Mal/Iframe-AA detects malicious JavaScript added into existing JavaScript sections on web servers. As such, you are most likely detecting this in your browser cache, unless your computer is also a compromised web server. The best solution is just to clear your browser cache and watch the quarantine item vanish. If it doesn't, then removing by hand should work just fine -- but if you ARE running a compromised web server, you should remove the malicious code from your web pages and then patch against the exploit that was used to drop it there in the first place. This will require auditing your server logs.

-
Andrew
Threat Researcher
SophosLabs


For our other self-service and peer-to-peer online support systems:


Visitor
simonjr4
Posts: 2
Registered: ‎09-16-2011
0

Re: difficulty in manually removing virus

DIFFICULTY IN MANUALLY REMOVING VIRUS: I have an Apple Mac and after a few hours scanning the local drives with Sophos a threat was detected: Mal/ChepVil-A, named UPS_Document.exe... I tried to clean it up from Quarantine Manager but it wouldn't and said it had to be done manually by clicking on the Action tab in browser. Sadly there wasn't an Action tab, so I need some help in order to manually remove this threat from my computer. Any help would be most welcome. Many thanks, Simon Robinson.

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: difficulty in manually removing virus


simonjr4 wrote:

DIFFICULTY IN MANUALLY REMOVING VIRUS: I have an Apple Mac and after a few hours scanning the local drives with Sophos a threat was detected: Mal/ChepVil-A, named UPS_Document.exe... I tried to clean it up from Quarantine Manager but it wouldn't and said it had to be done manually by clicking on the Action tab in browser. Sadly there wasn't an Action tab, so I need some help in order to manually remove this threat from my computer. Any help would be most welcome. Many thanks, Simon Robinson.


That's a Windows Bredo bot mass-mail malware; as such, all you have to do is delete the email in your inbox/spam folder referring to your UPS invoice that has that executable attached.  No further cleanup needed.  This will not infect a Mac.

-
Andrew
Threat Researcher
SophosLabs




Visitor
simonjr4
Posts: 2
Registered: ‎09-16-2011
0

Re: difficulty in manually removing virus

Many thanks to Andrew. Your reply was very helpful and reassuring. Regards Simon.

Occasional Visitor
showgirl2
Posts: 1
Registered: ‎12-07-2011
0

Re: difficulty in manually removing virus

Where is the Action tab??

Employee
Agile
Posts: 1,191
Registered: ‎11-02-2010
0

Re: difficulty in manually removing virus

I think he meant in the Sophos Anti-Virus program, not the browser.

I also think he was talking about the Options tab accessed by editing a manual scan or selecting On-access Scanning from the Preferences dialog. The action is selected via the select list positioned beside the text "When a threat is found:".

I could be wrong, however.

-
Andrew
Threat Researcher
SophosLabs

