Author Topic: Sudden Virus found at my OWN website ?  (Read 7628 times)

0 Members and 1 Guest are viewing this topic.

rob1337

  • Guest
Sudden Virus found at my OWN website ?
« on: April 06, 2009, 04:08:18 AM »
Hey guys,

I've been searching around and I haven't been able to come across this problem as of yet. Now on my own personal website / forums, a page that I usually visit at least 5-10 times a day, I'm suddenly getting a virus warning which won't allow me to visut my site.

Not entirely sure how or more importantly why I'm suddenly getting the error but I was wondering if anyone can help.

The error / virus is

"" HTML:|frame-inf ""

Here's a screen shot of what pop's up on my computer when I attempt to log onto my page. Also, I've tried attempting to report it as a false positive but I'm not sure if that's going to get me anywhere. I've also contacted my friend who helps me admin the site and he did not and does not have any issue with our forums.







Any help here would be greatly appreciated !!!
« Last Edit: April 06, 2009, 03:49:33 PM by rob1337 »

CharleyO

  • Guest
Re: Sudden Virus found at my OWN website ?
« Reply #1 on: April 06, 2009, 07:12:55 AM »
***

This is an indication of an iframe infection on your site. It is possible that someone or something has added this infection to your site.

But, there is little help we can give without the URL to test the site and you have "blocked" the URL from being seen by us.


***
« Last Edit: April 06, 2009, 07:14:37 AM by CharleyO »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Sudden Virus found at my OWN website ?
« Reply #2 on: April 06, 2009, 03:06:35 PM »
I've been searching around and I haven't been able to come across this problem as of yet. Now on my own personal website / forums, a page that I usually visit at least 5-10 times a day, I'm suddenly getting a virus warning which won't allow me to visut my site.

The error / virus is
"" HTML:|frame-inf ""

Any help here would be greatly appreciated !!!

Any information would be even more helpful, like the URL so it can be investigated.

I would say it is almost a cast iron certainty that your site has been hacked, the insertion of an iframe tag/s. Of all the sites I have investigated with this malware name, none have proved to be false positives. You only need to do a forum search for the malware name to see this.

Check your site code normally after the closing html tag for any hidden iframe tag insertion. Though it is possible that it could be inserted anywhere on the page code, by hidden I mean one of the iframe attributes is Hidden, not that you can't see it in your code.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

rob1337

  • Guest
Re: Sudden Virus found at my OWN website ?
« Reply #3 on: April 06, 2009, 03:25:55 PM »
Sorry guys, I wasn't sure if you needed that info or not. My apologies.

my website is http://forums.team-sa.net - And I updated the Screen shot above for you.

I'm not the most IT savvy guy as well, so an explanation in laymen terms would probably be most beneficial. And as I said, my friend who helps me admin the site has told me I'm a "noob" and that my AV is probably just taking a "crap." I'm fairly sure he's using Norton's Corporate AV as well.

IF it helps, I'm using the free version of Avast since I'm a student and currently cannot afford to upgrade to pro.

Thanks for any help guys, I appreciate it.
« Last Edit: April 06, 2009, 03:50:00 PM by rob1337 »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Sudden Virus found at my OWN website ?
« Reply #4 on: April 06, 2009, 06:31:05 PM »
Yes the site has been hacked.

The only difference is this hidden iframe has been inserted before the page code also a big standards no, no and highly suspicious. Not to mention the iframe is pointing at a Chinese domain spy-cams.cn, see image.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

rob1337

  • Guest
Re: Sudden Virus found at my OWN website ?
« Reply #5 on: April 06, 2009, 09:48:54 PM »
God dammit !!!!

So what would be the best course of action or what / how should I tell my code guy how to fix this problem ?

Is there any way we can prevent this from happening again ? any kind of precautions that we can take or no ?

THANKS AGAIN for all your help guys!



Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Sudden Virus found at my OWN website ?
« Reply #6 on: April 06, 2009, 10:20:02 PM »
You could start by showing him this Topic and the above image.

He will have to search the html code for pages that have this iframe inserted and remove it, he may have a tool that can automate the removal of the iframe, but it isn't guaranteed that the iframe would all be identical or if you use iframes legitimately in the site.

You/he should change the password used to modify the site and tighten up security on file permissions.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

rob1337

  • Guest
Re: Sudden Virus found at my OWN website ?
« Reply #7 on: April 07, 2009, 05:36:01 AM »
Yea I've forwarded him this link so far, he said he thinks he deleted it.

Thanks again guys !


Much respect for the avast support team!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Sudden Virus found at my OWN website ?
« Reply #8 on: April 07, 2009, 04:35:29 PM »
You're welcome.

Don't forget to strengthen passwords and security as removing the injected iframes is only part of the resolution or it theoretically happen again.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

rob1337

  • Guest
Re: Sudden Virus found at my OWN website ?
« Reply #9 on: April 07, 2009, 06:05:40 PM »
Yea for sure.

I'm on him right now about that !


It was probably some IT guy who got pissy b/c one of my server admins banned him.  ::)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Sudden Virus found at my OWN website ?
« Reply #10 on: April 07, 2009, 07:20:31 PM »
Well another thing to look at is the forums software as some may have vulnerabilities which can be exploited so it is important that the forum software is kept up to date.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

rob1337

  • Guest
Re: Sudden Virus found at my OWN website ?
« Reply #11 on: April 15, 2009, 04:20:59 AM »
Figures as my IT guy is busy as crap with school our forums are being spammed like crazy.

Whats considered the best safe guard against people creating accounts and instantly spamming every section of the forum.


Sorry if I'm not allowed to bump this thread for something new.

Regards,
Rob

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Sudden Virus found at my OWN website ?
« Reply #12 on: April 15, 2009, 04:29:21 AM »
Something like re-captcha might help. http://recaptcha.net/

That would only be for spam-bots though.  For real people, you can disable posting links until they reach a certain post limit, or something similar.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: Sudden Virus found at my OWN website ?
« Reply #13 on: April 15, 2009, 04:31:33 AM »
Oh, since you're using PHPBB, this will help you install.
http://recaptcha.net/plugins/phpbb/
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

rob1337

  • Guest
Re: Sudden Virus found at my OWN website ?
« Reply #14 on: April 15, 2009, 07:36:54 AM »
awesome thanks again!!

you guys here have been a huge help!

not sure what I would have done if I didn't stumble across these forums :)