Avast WEBforum
Other => Viruses and worms => Topic started by: webuser123 on July 24, 2011, 08:32:16 AM
-
Please send info asap. Thanks.
-
welcome to the forum.
we need more information on the subject
what is your homepage please post that. but chance the url from www to wxw so it's not clickable.
-
I am getting this too on my own website. wxw.thewaldorfconnection.com and wxw.everydayrhythm.com
Started on Sat.
I have done thorough computer scans and removed the trojan on my files and also done
a boot scan where it was removed, but only found in the Mozilla AppData files.
I re-started computer and tried to access website and it happened again!
I don't seem to have infected files on my computer. My webhost says they don't see anything
and could not duplicate the problem.??
This is my business site, so impotant
Thanks,
Donna
-
websites are infected
see attached screenshots
type of infection http://sucuri.net/malware/malware-entry-mwjs3022
-
Hi Donna, welcome to the forum :)
Unfortunately, as Pondus suggests, it seems as though your sites have been infected.
Both contain an iframe at the very beginning of the page that is most likely the cause of the alerts.
Scott
-
Norman lab analysis
The iframe domain points to IP 94.60.123.48 which is blacklisted in RBL for spreading malware based on "Blackhole" kit.
Both URL have same Iframe
wxw.everydayrhythm.com.htm ---> JS/IFrame.FZ