Author Topic: Trojan Horse Blocked :-JS:IFrame-CG [Trj]  (Read 4243 times)

Offline stephenr

  • Jr. Member
  • **
  • Posts: 27
    • Personal Message (Offline)
Trojan Horse Blocked :-JS:IFrame-CG [Trj]
« on: August 04, 2011, 03:17:42 PM »
Hi,

I have just come back from holiday to find my websites with the above problem so I cannot see the websites I have. The main url, hxxp://www.izzy-wizzy.com has the directory listing but none of the folders off it load in either Firefox or IE. My wife's PC can see them perfectly well but she uses AVG Anti Virus. I have no problem with other websites.

Any suggestions?

thanks and regards,

Stephen
« Last Edit: August 04, 2011, 05:58:39 PM by igor »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21683
  • Gender: Male
    • Personal Message (Offline)
Re: Trojan Horse Blocked :-JS:IFrame-CG [Trj]
« Reply #1 on: August 04, 2011, 03:22:22 PM »
Sorry, but your website is hacked....
Sucuri sitecheck   http://sitecheck.sucuri.net/scanner/


malware info: http://sucuri.net/malware/malware-entry-mwiframehd203


VirusTotal - URL scan
http://www.virustotal.com/url-scan/report.html?id=585a07dc6927dfe20f29297d31f7843a-1312463291
« Last Edit: August 04, 2011, 03:34:55 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline stephenr

Re: Trojan Horse Blocked :-JS:IFrame-CG [Trj]
« Reply #2 on: August 04, 2011, 04:31:28 PM »
Thanks for the reply. I don't understand the results of what was posted. What can I do to identify what exactly the problem is and how do I fix the problem?

thanks,
 
Stephen

Offline Pondus

Re: Trojan Horse Blocked :-JS:IFrame-CG [Trj]
« Reply #3 on: August 04, 2011, 04:38:44 PM »
Not sure......well...the Sucuri scanner says Malware found in the URL:

hxxp://wxw.broadfieldbkp.co.uk/404testpage4525d2fdc
hxxp://wxw.broadfieldbkp.co.uk/www.broadfieldbkp.co.uk
hxxp://wxw.broadfieldbkp.co.uk/404.shtml

Did you put those URLs there?
« Last Edit: August 04, 2011, 04:40:36 PM by Pondus »


Offline Pondus

Re: Trojan Horse Blocked :-JS:IFrame-CG [Trj]
« Reply #4 on: August 04, 2011, 04:53:01 PM »
Information for Website Owners  http://stopbadware.org/home/webmasters

Tips for Cleaning & Securing Your Website http://stopbadware.org/home/security

Have a single site with malware? Do you need to have a website quickly cleaned and removed from blacklists? We have you covered. http://sucuri.net/signup


Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20129
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: Trojan Horse Blocked :-JS:IFrame-CG [Trj]
« Reply #5 on: August 04, 2011, 06:03:14 PM »
SOSWebscan gives the site clean, DrWeb gives it clean because it does not scan all
the deeper links.

Malware found in the URL:
-http://www.broadfieldbkp.co.uk/404testpage4525d2fdc

Malware found in the URL:
-http://www.broadfieldbkp.co.uk/www.broadfieldbkp.co.uk

Malware found in the URL:
-http://www.broadfieldbkp.co.uk/404.shtml - HTTP Error 404: Not Found
:
Checking: -http://www.izzy-wizzy.com/
Engine version: 5.0.2.3300
Total virus-finding records: 2447191
File size: 365 bytes
File MD5: df8cee1987fcf67e8abf4042b9c3c52f

-http://www.izzy-wizzy.com/ - Ok

Anubis report: http://anubis.iseclab.org/?action=result&task_id=1b4fff480d16db6a4b94f4ad6f4b150c9&format=html   

But there was a malicious script found through the redirect link to
http://www.google.com/safebrowsing/diagnostic?site=www.broadfieldbkp.co.uk
See for malicious activities: http://sitevet.com/db/asn/AS11798
Malware found in the URL e.g.:
-http://www.broadfieldbkp.co.uk/404testpage4525d2fdc
See: http://sucuri.net/malware/malware-entry-mwiframehd203

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline stephenr

Re: Trojan Horse Blocked :-JS:IFrame-CG [Trj]
« Reply #6 on: August 04, 2011, 07:01:53 PM »
Thanks for the pointers. I'll start with a full scan tonight and work through my sites.

cheers,

Stephen

Offline stephenr

Re: Trojan Horse Blocked :-JS:IFrame-CG [Trj]
« Reply #7 on: August 05, 2011, 08:27:54 AM »
The scan revealed 4 adware/malware gen things that Avast moved to the chest.

Another threat Ricsi-831 is identified with d:\pagefile.sys which can't be repaired. I tried to move to chest but there isn't enough space; it's 786 Meg. Any ideas how I can sort this?

My websites seem to be working correctly now and given clean status by Sucuri.

thanks and regards,

Stephen
« Last Edit: August 05, 2011, 08:34:04 AM by stephenr »

Offline polonus

Re: Trojan Horse Blocked :-JS:IFrame-CG [Trj]
« Reply #8 on: August 05, 2011, 11:56:37 AM »
Delete all files that are detected as Ricsi.806. Deleted files will have to be either replaced from a clean backup or reinstalled. How to delete the Pagefile.sys File can be read here:
http://support.microsoft.com/kb/255205/en

polonus

