JS_Dloader.TVP is malicious JavaScript that arrives as file downloaded by JS_IFRAME.US from the URL http://www.{BLOCKED}ena.com/1.htm.

It is usually embedded in exploited/compromised Web sites through insertions of malicious iFrame tags. It may be installed unknowingly by a user when visiting malicious/compromised Web sites.

The said iFrame tag is used to download several files from the URL http://www.{BLOCKED}ena.com.


The downloaded files are detected by Trend Micro as JS_NEVAR.A. As a result, the routines of the downloaded files may be exhibited on the system.

Technical details can be found at this Trend Micro page.