Iframed websites.

Hi,

I’m new to the forums but just wanted to post what happened to me. I’ve been using Avast home free version for about the last 5 years and other than it slowing my PC down at times I have never had an issue with it until yesterday. I went to a site that I was working on resolving an issue for (I work at home for a large web hosting company). I did not know this site had an iframe dropped in it prior to visiting the site. Avast went nuts with virus alerts and I chose to delete each one listed. I even opted for a boot time scan which found more but finished. Once back into XP, Avast once again went nuts. After multiple restarts I thought I had gotten rid of all the viruses but I had not. The task bar in Windows is unusable since there seems to be a quick popup when my system starts that has problems with my dual screen setup. Anyway, I don’t have logs for my system and really don’t need help repairing it since I am going to wipe the OS (and luckily I dual boot my PC). What I would like to bring to your attention is the malware code so that maybe you can see the viruses used and work from there. In this post I have attached a .txt file of the coding found in the webpage’s source. I didn’t post it in the message box due to fears it would run as HTML.

My setup was XP SP2
Avast with latest updates (updated a few hours prior to the attack)

Every 3.6 seconds a website is infected
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414/

Boot time Avast Antivirus Scanning
http://www.digitalred.com/avast-boot-time.php

Check your computer for Malware with

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
Update and run a quick scan, click the button “remove selected” to quarantine anything found, and restart

SAS http://filehippo.com/download_superantispyware/

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

Come back and tell us if it worked

If anything is found other than cookies you may post the scan logs here

@ Stuartsab
Can you remove your attachment, as the last thing we want is for avast to alert in the forums.

@DavidR:

Removed. That’s why it was listed as a .txt so it wouldn’t actually parse in a web browser and could possibly help the development of Avast to block these hidden iframes.

@Pondus:
I know how often websites are hacked; as I said, I am tech support for a large web hosting company.
I’ve run a boot time scan already which found some but did not get all of them apparently.
Also not going to bother trying to clean the OS at this stage since I’d feel uncomfortable using passwords and such on it. I’m simply going to wipe that partition and start over with it. This is the reason I use partitions for my hard drives so I don’t have to put everything back. My reason for posting was to give the Avast development team a heads up (possibly not needed).

It would be nice if Avast created a host file locally on our machines for known bad websites. The example script I gave more than likely leads to a known virus site (can’t tell since it’s encrypted and I didn’t try to decrypt it) that a simple thing like this could fix.

The web shield isn’t too worried if it doesn’t parse, as it is looking at the actual code; this has caused some sites that display exploit code (even when it doesn’t parse) to get a shock when the web shield alerts. This is why I tend to use images of the suspect code so there is no way for detections on examples also.

Good point, however it didn’t go off for me on that one when I got hit. However, interestingly enough, it has gone off when I have tried to view the source code after downloading the files through FTP.

Hi Stuartsab,

Here is a site to check for malicious iFrames: http://www.novirusthanks.org/services/scan-websites-for-iframes/

polonus
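
For anyone who wants to check page source offline (for example, files pulled down over FTP as mentioned above), here is an added example, not part of the original posts and not the code behind the linked scanning service. It parses HTML and lists iframes that look hidden; the hiding heuristics (0/1-pixel size, `display:none`, `visibility:hidden`) and the sample page with its placeholder hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page: one visible embed and two hidden iframes (placeholder hosts).
SAMPLE_HTML = """<html><body>
<h1>Customer site</h1>
<iframe src="http://maps.example.com/embed" width="600" height="400"></iframe>
<iframe src="http://bad.example.net/in.php" width="1" height="1" frameborder="0"></iframe>
<IFRAME SRC="http://bad.example.org/x" style="visibility: hidden; position:absolute"></IFRAME>
</body></html>"""

# Assumed heuristic: CSS rules commonly used to keep an injected frame out of sight.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    """True when a width/height attribute starts with the number 0 or 1."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class IframeAudit(HTMLParser):
    """Collects every iframe start tag with its line number and hiding reasons."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":          # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("zero/one-pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by CSS")
        line, _ = self.getpos()
        self.findings.append({"line": line, "src": a.get("src", ""), "reasons": reasons})

def audit(html_text):
    """Return all iframes found in the markup."""
    parser = IframeAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

def suspicious(html_text):
    """Return only the iframes that matched at least one hiding heuristic."""
    return [f for f in audit(html_text) if f["reasons"]]

if __name__ == "__main__":
    for f in suspicious(SAMPLE_HTML):
        print(f"line {f['line']}: {f['src']} ({', '.join(f['reasons'])})")
```

This only sees iframes present in the markup itself; a frame written into the page at load time by an obfuscated script will not show up in a static pass like this.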