Help!!! Unable to open and view my wordpress.org blog

When I open my site, avast prompts “avast! Web Shield has blocked a harmful webpage or file” and below are the details:

Object: http://www.jamessamy.com/
Infection: HTML:IFrame-PE[Trj]
Process: C:\Program Files\Mozilla Firefox\firefox.exe

I already scanned with Avast, and whenever I open the site I have the above problem. How can I solve this issue? I need your advice and help.

At Avast support, they told me to search for “ycgcjet.co.tv” and remove this script to heal the webpage.
Where should I search in wordpress.org… help!!!

Thank you
James

I rather doubt it is in wordpress.org, it is on your site which would appear to have been hacked.

Check it out using this site, http://sitecheck.sucuri.net/scanner/ (see image); there appear to be two issues, on a number of pages.

Hi DavidR

What is your advice? What should I do now to clear it?

Not only avast finds this malware:
http://www.virustotal.com/url-scan/report.html?id=633340a7b3ef4c714796c4534890bb57-1311919870
&
http://www.virustotal.com/file-scan/report.html?id=ce3f5834fd64303e278096e09849d290d0cb49e736af7254a36b31ac21d5b6f9-1311927082
I attached the issues sucuri detects and also where malzilla flags a redirect,
that goes to load malware from:
-http://hfznprj.co.tv/forum.php?tp=d060ac86169a855f
See: http://www.virustotal.com/url-scan/report.html?id=810e744b6557f60e96f5c0913e72a989-1311920424
but for forum.php no malware detected at VT:
http://www.virustotal.com/file-scan/report.html?id=ce3f5834fd64303e278096e09849d290d0cb49e736af7254a36b31ac21d5b6f9-1311927082
but a link there to:
hxtp://www.google.com/extern_js/f/CgJlbhICdXMrMEU4ACwrMFo4ACwrMA44ACwrMBc4ACwrMDw4ACwrMFE4ACwrMAo4AEAvmgICY2MsKzAWOAAsKzAZOAAsKzAlOAAsKzA1OAAsKzBBOAAsKzBNOAAsKzBOOAAsKzBTOACaAgZzZWFyY2gsKzBUOAAsKzBjOAAsKzBpOAAsKzAYOAAsKzAmOAAsgAJQkAJI/Pt4J7vdDvN4.js = DT.Rotator tracking script
4 encoders, 1 scripts

polonus

Well, to start with, check my image and go to the sucuri.net site and check the links affected, and then search those pages for the hidden iframes and remove them. That isn’t the end of it; you have to find and close the vulnerability or you could well be hacked again. I can’t help you with that, it isn’t an area I’m that familiar with.

Hacked Sites - This is commonly down to old content management software being vulnerable, PHP, Joomla, Wordpress, SQL, etc. etc. So ensure that whoever is responsible for that has the latest versions.

Also see, Tips for Cleaning & Securing Your Website, http://www.stopbadware.org/home/security.

Also see, Help: I Got Hacked. Now What Do I Do? http://technet.microsoft.com/de-de/library/cc512587(en-us).aspx.

This type of thing is also often found in any template files so anything created off them would have the code inserted.
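An added example (not part of the original thread and not any poster's code): a Python scan of a local copy of the site's files, templates included, that flags iframes which are one pixel or smaller, hidden by inline style, or loaded from a host outside an allowlist. The allowlist contents, the function names and the sample markup are assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts the site owner embeds on purpose (the thread shows a Facebook like box).
ALLOWED_HOSTS = {"www.facebook.com"}
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HIDDEN = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I)

def scan_text(text):
    """Return (line, src, reasons) for each iframe tag that looks injected."""
    findings = []
    for m in IFRAME.finditer(text):
        attrs = {k.lower(): (a or b or c) for k, a, b, c in ATTR.findall(m.group(0))}
        src = attrs.get("src", "")
        host = urlparse(src).hostname or ""
        reasons = []
        if host and host not in ALLOWED_HOSTS:
            reasons.append("host not in allowlist: " + host)
        if attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1"):
            reasons.append("zero or one pixel size")
        if HIDDEN.search(attrs.get("style", "")):
            reasons.append("hidden by inline style")
        if reasons:
            findings.append((text.count("\n", 0, m.start()) + 1, src, reasons))
    return findings

def scan_tree(root, suffixes=(".php", ".html", ".htm", ".js")):
    """Scan every page, template and script file under root; map path -> findings."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = scan_text(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

# Constructed sample: a theme footer with one legitimate and one injected iframe.
SAMPLE = """<div id="footer">
<iframe src="http://www.facebook.com/plugins/like.php?href=http://example.com/" width="300" height="25"></iframe>
<?php wp_footer(); ?>
<iframe src="http://injected.example/?go=1" width="1" height="1" style="visibility:hidden"></iframe>
</div>"""

if __name__ == "__main__":
    for line, src, reasons in scan_text(SAMPLE):
        print(f"line {line}: {src} -> {', '.join(reasons)}")
```

Iframes written out by obfuscated JavaScript or encoded PHP do not appear as literal tags, so a clean result here does not replace the online scanners mentioned in the thread.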

Hi jamessamy.

Here is the iFrame analysis of the site:
No zeroiframes detected!
Check took 17.03 seconds

(Level: 0) Url checked:
-http://wave.webaim.org/report?url=http%3A%2F%2Fwww.jamessamy.com%2F&js=2
Zeroiframes detected on this site: 0
No ad codes identified - see attached gif

(Level: 1) Url checked: (iframe source)
-http://zmzckzb.co.tv/?go=1
Zeroiframes detected on this site: 0
No ad codes identified redirecting to malcode download see posting above

(Level: 1) Url checked: (iframe source)
-http://www.facebook.com/plugins/like.php?href=http://www.jamessamy.com/secrets-success-in-life&layout=standard&show_faces=true&width=300&height=25&action=like&font=arial&colorscheme=light (Non suspicious finds)
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)

Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
-http://wave.webaim.org/scripts/mootools.js
Zeroiframes detected on this site: 0
No ad codes identified see attached suspicious flag by jsunpack

(Level: 1) Url checked: (script source)
-http://wave.webaim.org/scripts/wave.js benign code
Zeroiframes detected on this site: 0
No ad codes identified

At least you should update all your website application software. Then your website will give away content that is being generated dynamically through the so-called “X-Powered-By” HTTP Header. For security reasons it is advised to remove the mentioned header.

polonus

Thank you for all the advice. Is there anywhere I can get it done more simply, because I can remove the virus. Any YouTube or any help, Avast?

I fear the answer is: No.