FP: HTML:Iframe-inf

Viruses and worms
1

Hi,

I have tried to report it via the form before but even after months I get no reaction and nothing changed.
So I thought I should post it here:

Half a year ago we had an attack on our homepage. At that time the Avast warning was correct and we fixed the homepage and removed the security hole. Now every scanner I tried (including specialised webpage scanners) say our homepage is clean again, EXCEPT for avast.
I don’t want to change my Scanner only because of this, so could someone please look into this?

Here the details:
Filename: htxp://www.shilka.de/e107_files/e107.js
Size: 10966
Category: infected files
Description: HTML:Iframe-inf

2

You still have the malware body in there and we don’t care if it’s commented out or not 8) Either remove it completely or mangle the url or something, but with this code we will alert forever or longer. ;D

3

Thanks Kubecj for keeping security :slight_smile:

4

Just in case it is unclear, this is the script that needs removing

As kubecj said, since the exploit is still there, it will still be detected.

5
Now every scanner I tried (including specialised webpage scanners) say our homepage is clean again, EXCEPT for avast.
o yea....you did not try Sucuri then ;)

See attached screen shot (click to enlarge)

Sucuri malware info: http://sucuri.net/malware/malware-entry-mwjs3023

Malware URL in iframe -http://govniaha.cu.cc/index.php

checking that on VT give this
http://www.virustotal.com/url-scan/report.html?id=adc9240e95192c449d90993759cd59f1-1322306563
http://www.virustotal.com/file-scan/report.html?id=f49091b204cbe165c61ddb4327a582c8c84390493fb94c937c30c12731f33135-1322310377

and if you test that URL on Sucuri you get this
http://sucuri.net/malware/malware-entry-mwjs3023

6

Way to go…!! :slight_smile:

7

Well this was the original incident logged, see: -http://sakrare.ikyon.se/log.php?id=12439
and on Aug 14 2011 also reported at Seekers SMP Forums, should be cleansed first,

polonus

8

Thanks a lot for your replies. That helped me a lot. :slight_smile:

No idea why our main admin only uncommented the code. I think that everything is deleted now, as avast doesn’t give an alarm anymore.
As I am not an html expert, could someone maybe confirm this?

And yes, I did not try Sucuri.

P.S.: Now I once again know why I use avast.

9

The iframe isn’t there anymore! :wink:

10

Thanks. Again. :wink: