Fixed. Thanks.

This page seems to be
http://www.UnmaskParasites.com/security-report/?page=www.yuvadermstore.com
Suspicious Inline Scripts

Diagnos for .yuvadermstore.com - Malicious software includes 30 scripting exploit(s).
http://www.google.com/safebrowsing/diagnostic?site=www.yuvadermstore.com

Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414/

err, what does that mean exactly?

i just ran a full scan on my site:

Scan Completed

Scanned folders: 510

Scanned files: 1935

Infected files: 0

im in the process of downloading the entire site and scanning it, but i doubt it has a virus, if i turn off the Avast scanner and use another AV, it seems to work just fine.

what can i do to remedy this situation?

well it was detected by heuristics engine cos it shows a trj thingy behind. but i am not sure whether it is a virus or false positive

i would double check through some of website coding and check if any has been exploited

Probably it is due to suspictious script located before and after tag.

ok, so what do I do from here?

Tips for Cleaning & Securing Your Website
http://stopbadware.org/home/security

it deifnitely is infected…there is a line of code on some pages that wasnt there before…yuck.

this was the code btw…
its on almost all the index.whatever pages on my site…even backup ones…

the question is, how the frak did they get there?

i think i got it all.
thanks for all the help guys!

Please don’t post scripts on the forums, even if you have hacked bits out of them as the last thing that we want is for avast to be alerting on the topic in which you see help.

Post an image of the suspect text were it won’t have any possibility of a detection on the topic, see example image.

Please modify your posts.

You can physically edit your infected pages but if you don’t resolve the underlying reason the site was hacked it is likely to be back. The most common means of hacking is exploiting vulnerabilities in old content management software, PHP, SQL, wordpress, etc.

Hi inferno272,

Yes it is bad practise to give live malicious links. Break them by making them hXtp:// or wXw for instance, so the curious won’t click the link and get themselves infested.
The code can be found here: hXtp://badwarebusters.org/main/itemview/15598 - do not click avast will flag it? It has been injected to be an exploit site Type 750:

From your main directory one has to open all the index pages and JS file,
and at the end of the each file one will find some malicious JS code.
Now remove that code and try to restore that file on to the server.

For that purpose one needs to use FTPRush or some other software.
or use Filezilla but don’t store a password in it.
type the password each and every time when you need to,
because filezilla stores the password in the config file,
and the hacker will try to read your detail from that file
and after that the run one automatic software ,
that will do malcode injection in all js and index file,
Update all the used website software, because that could be vulnerable,

polonus