Hi all, hoping somebody can help.

I have a site of my own I have been working on lately, and today Avast has started to block it with the following message:

MALWARE BLOCKED
Object http://www.strongmanuk.co.uk/٭>{gzip} NOTE - I have used the ٭ symbol but what is shown is a vertical line, much larger than any vertical line I can find.
Infection:Script-inf
Action:Connection aborted
Process:C:\Program Files\Internet Explorer\iexplore.exe

I really am not a computer boffin so have no idea what is going on. Asked a few friends and they can all access the site fine.

I'd appreciate some help guys!

Scott

anybody help me!

This page seems to be References to 1 suspicious domain found.
http://www.UnmaskParasites.com/security-report/?page=www.strongmanuk.co.uk

hxxp://pantscow.ru/Kbps.js ( Malicious software includes 19 trojan(s), 10 exploit(s). )
http://www.google.com/safebrowsing/diagnostic?site=http%3A//pantscow.ru/Kbps.js

Wepawet
http://wepawet.cs.ucsb.edu/view.php?hash=0fe720a74ea6be8db47313e8cb1873fb&t=1279116152&type=js

ok, so what does that mean, and what do I do?

it means that you have to remove the script that is pointing to the bad website

maybe DavidR can tell you where it is located…

I hope so! it is affecting my forum with the following messages

[phpBB Debug] PHP Notice: in file /includes/session.php on line 990: Cannot modify header information - headers already sent by (output started at /includes/hooks/index.php:251)
[phpBB Debug] PHP Notice: in file /includes/session.php on line 990: Cannot modify header information - headers already sent by (output started at /includes/hooks/index.php:251)
[phpBB Debug] PHP Notice: in file /includes/session.php on line 990: Cannot modify header information - headers already sent by (output started at /includes/hooks/index.php:251)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3760: Cannot modify header information - headers already sent by (output started at /includes/hooks/index.php:251)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3762: Cannot modify header information - headers already sent by (output started at /includes/hooks/index.php:251)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3763: Cannot modify header information - headers already sent by (output started at /includes/hooks/index.php:251)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3764: Cannot modify header information - headers already sent by (output started at /includes/hooks/index.php:251)

I don’t know about this one, there are about 4 adobe flash files trying to load, but there is one other compressed zip/archive being loaded, probably javascript and I think it is this which is causing the alert.

I have uploaded a copy of this to VirusTotal and that is certainly what is the cause, http://www.virustotal.com/analisis/a0089ad653b1288aa7b295dbed69b33bb6851f3b022c2e723700a43bd944fd7b-1279118535 and avast isn’t alone in the detection of what appears to be a redirection type attack.

I don’t know how you go about trying to find this compressed javascript file causing this and much less if you created the file how to unpack it and remove any malicious code. I have tried to view the index/home page source but it comes up blank.

@ S777
The vertical line is, I believe, the pipe character |; pressing Shift + \ gives the pipe | character. It in itself isn’t an issue.

Ahh, this is a headache and a half!

Well, here's hoping the phpBB team can track the problem down as I am out of ideas.

Thanks for all the help!

You’re welcome, good luck.

Hi S777,

Here is a description of the malware involved: http://www.sophos.com/support/knowledgebase/article/42432.html
You can test for SQL vulnerabilities with scrawlr: http://www.softpedia.com/get/Security/Security-Related/Scrawlr.shtml re: http://www.brighthub.com/computing/enterprise-security/articles/13751.aspx

polonus
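
The advice in the thread is to find and remove the script that points to the flagged domain. One way to search a downloaded copy of the site's files for it, as an added example that is not from any poster here: the function names, the own-host allowlist and the sample files are constructed for illustration, and only the domain and the includes/hooks/index.php path come from the thread.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

FLAGGED_DOMAINS = {"pantscow.ru"}  # domain named in the thread's scan report
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm", ".tpl"}
SCRIPT_SRC = re.compile(r"""<script[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)


def scan_webroot(root, own_hosts):
    """Return (file, line, url, reason) for each script src worth reviewing."""
    root, findings = Path(root), []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for url in SCRIPT_SRC.findall(line):
                host = (urlparse(url).hostname or "").lower()
                if not host:
                    continue  # relative URL: served by the site itself
                if any(host == d or host.endswith("." + d) for d in FLAGGED_DOMAINS):
                    reason = "flagged domain"
                elif host in own_hosts:
                    continue  # absolute URL back to the site's own host
                else:
                    reason = "external host, review"
                findings.append((path.relative_to(root).as_posix(), lineno, url, reason))
    return findings


def build_constructed_sample(root):
    """Write a small, constructed phpBB-like tree with one injected tag."""
    hooks = Path(root) / "includes" / "hooks"
    hooks.mkdir(parents=True)
    (hooks / "index.php").write_text(
        "<?php\n// constructed sample, not the real phpBB file\n?>\n"
        '<script src="http://pantscow.ru/Kbps.js"></script>\n', encoding="utf-8")
    (Path(root) / "index.html").write_text(
        '<script src="styles/menu.js"></script>\n'
        '<script src="http://www.strongmanuk.co.uk/forum.js"></script>\n'
        '<script src="http://stats.example.net/t.js"></script>\n', encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for finding in scan_webroot(tmp, {"www.strongmanuk.co.uk"}):
            print(finding)
```

Injected code is often obfuscated rather than written as a plain tag, so an empty result does not show the files are clean; comparing them against a fresh phpBB download of the same version catches what this misses.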