This malicious JavaScript may be downloaded unknowingly by a user when visiting a certain malicious Web site. It may also be hosted on a malicious Web site.
This is Trend Micro's detection for Web pages that were compromised through the insertion of a certain iFrame tag.
The malicious portion of this script is encrypted to hide its iFrame code.

Once an unsuspecting user visits an affected Web page, this malicious JavaScript connects to the Web page http://{BLOCKED}tuffdeals.com/docs/theme.htm to download another script which also contains an iFrame exploit. Trend Micro detects the said script as HTML_IFRAME.CX. As a result, malicious routines of the downloaded script are exhibited on the affected system. Solution:

Note: To fully remove all associated malware, perform the clean solution for HTML_IFRAME.CX.
Close all instances of Internet Explorer before proceeding with the solution below.
Important Windows ME/XP Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.
Users running other Windows versions can proceed with the succeeding solution set(s).
Running Trend Micro Antivirus
If you are currently running in safe mode, please restart your computer normally before performing the following solution.

Scan your computer with Trend Micro antivirus and delete files detected as JS_IFRAME.CW. To do this, Trend Micro customers must download the latest virus pattern file and scan their computer. Other Internet users can use HouseCall, the Trend Micro online virus scanner.