Website virus HTML:Iframe-gen a false positive? PLEASE HELP!

[digimuncher]

Hello,

I am using Avast!  4.8 Home Edition, and I have a website that I never had problems accessing while using Avast until now.

I've recently visited my website and Avast tells me the website has a virus!  Here is what my log says:
Date:  07/22/2008 07:10:21 AM
SYSTEM
Application: 1888
Description: Sign of "HTML:Iframe-gen has been found in "http://www.techyartsy.com/ file

http://www.techyartsy.com is my website, and upon going to the site is when Avast gives me the virus warning. I've tried this on three computers: Two with Avast 4.8 installed, and another using Symantec AntiVirus Corporate Edition. Avast gives me the warning, whereas Symantec lets me pass through and does not detect a "virus".  Both virus softwares are updated with the latest updates.

Is HTML: Iframe-gen a virus, or is this a false positive via Avast? 

And how do I get rid of this on my website?  Eliminate all my Iframes?

Any help is appreciated, thanks.

[Maxx_original]

do you know about the iframe pointing to hxxp://124.217.252.62 at the end of page?

[digimuncher]

do you know about the iframe pointing to hxxp://124.217.252.62 at the end of page?

Actually, I just saw a forum post on a similar situation, with the iframe being at the end of the HTML tag.  Minutes later I recieved your reply, thanks for the attention and the info.  So now I suppose I must reinstall my entire Joomla web site    Or can I just simply delete these iframe tags, get some security software and pray that it never happens again?

God, I can't believe I've been hacked! 

For anyone else with this type of problem on their site, here's a great link regarding a similar problem:

http://forum.avast.com/index.php?topic=36068.msg302526#msg302526

[Lisandro]

hxxp://124.217.252.62

Firefox phishing and K9 detected this as being spyware/malware sources.
I can't even enter the page.
Strangely, Dr.Web says the page is clean

[digimuncher]

hxxp://124.217.252.62

Firefox phishing and K9 detected this as being spyware/malware sources.
I can't even enter the page.
Strangely, Dr.Web says the page is clean

Yes, same here!  I sent an email to avast early this morning reporting that I used Dr. Web as well, and everything was reported a-ok via the doctor plugin.  But after finding out that my site has been hacked from Avast's report, I guess Avast! is more reliable.   

Are there any suggestions as to how to get rid of these hacker iframe tags? I know this isn't a web expert site or anything, but if anyone has any suggestions I'd appreciate it.

If I have to dump the entire website and reupload it then I'll do that, but if I don't HAVE to then I'm open to any suggestions.  I'm still trying to track down exactly where the hacker is putting this code. Problem is this is a Joomla website so I have alot of index.html webpages for each component! 

Thanks!

[Maxx_original]

remove the mentioned iframe from your html file(s) (you can do that in any of the plaintext html/text editors)
check the security updates for your web server
change your password

[digimuncher]

remove the mentioned iframe from your html file(s) (you can do that in any of the plaintext html/text editors)
check the security updates for your web server
change your password

Okay, thanks!  I'll do this after I get off work this evening and post back when everything looks smooth.

Also I did more web searching and found a forum post that denotes EXACTLY the same problem I have.  They also give credit to Avast!, saying that this was the only software that detected this hacker problem on the site:

http://www.webhostingtalk.com/showthread.php?t=708285