A worm appears when I enter my website

The last ten days, a worm appears when I enter my website - almost every day. Fortunately, avast prevents me from the relative danger…
After that, I always scan my computer via avast and no file is infected.
My question is whether the virus/worm comes from my computer or from the server where my website is hosted.
Thanking you in advance for any possible help

Worm, are you sure, I rather doubt that.

What is the infected file name (or URL, see #### below), where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

When posting URLs to suspect sites, change the http to hXXp so the link isn’t active (clickable) avoiding accidental exposure.

Thank you very much for your reply.
The worm is described by avast as “Iframe-inf” and it appeared when I entered the home page of my website yesterday (the last time). So, I left the site and I scanned my computer; no infected file was detected in my computer.

I communicated with my server and he answered (as always) that the website will be cleaned; however they do not know whether the virus/worm comes from them or from my computer - they say that it appears during the process of ftp.

can you please post the link of your website?. change http to hxxp. i think it has not infected your computer since avast! webshield has blocked it. it is not from your computer.

I communicated with my server and he answered (as always) that the website [b]will be cleaned[/b];

will be cleaned ? i think he knows it ???

iframe-inf, isn’t a worm, but an indication of a site having been hacked by the insertion of a malicious iframe tag, this normally points to a malicious site where the payload could be anything.

This is why asked for the links, as we can show that the site isn’t clean, armed with that you can go back to your Host, that simple cleaning of the inserted iframe tags isn’t enough (or it will be back as it has done), they have to close the vulnerability that allows the site to be hacked in the first place.

The detections was as I said by the web shield and that blocks the infected file from being downloaded to your browser cache and web page with the iframe tag to be run in your browser. So you shouldn’t find anything on your computer.

Have you done your part and changed your ftp password to a stronger one at least 8 characters (preferably more) and a mix of upper and lower case, numbers and symbols (# - ~ etc.) ?