TASMR infected

Viruses and worms
1

I use a forum for Tasmania Motorcycle Riders and the other day when i logged on avast flagged it with the HTML:iframe-inf virus, i have contacted the webmaster and he has asked what to do.

What is the next step for him?

2

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx Or full URL, see #### below) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe - Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log

When posting URLs to suspect sites, change the http to hXXp so the link isn’t active (clickable) avoiding accidental exposure.

avast is very hot on these and very accurate all those I have checked in the forums have been good detections.

There is usually a hidden iframe tag with a redirect yo another site of to run a file, most commonly these are outside the HTML code, but they can be inserted anywhere on the page.

3

Try doing what DavidR said.

4

Please don’t post live links to malware sites, change your post so that the http reads hXXp, as you so recently told someone else to d ???

e.g. hXXp://searchdonor.com/

It also doesn’t pay to second guess the OP, which is why I asked specifically for the URL and also mentioned changing the http to hXXp then also. Since the OP mentioned ‘when i logged on’ so that may also be a different page as you wouldn’t have logged on.

5

Sorry, I posted in the wrong topic, thats why I changed the text.

6

I see you have now put in the correct topic with the hXXp ;D

7

Hi all,

I am the admin for Tasmanian Motorcycle Riders (TASMR), and would just like to let you all know that the site is not longer infected and hasn’t been for some time. Someone did place an iframe in the header but it has since been removed. Thanks to all those who informed me.

Cheers,

Duke

8

Well I would hope it isn’t still infected as this is a very old topic, welcome to the forums.

These type of exploits are commonly down to old versions of content management software that have vulnerabilities, PHP, SQL, wordpress, etc. so it is important to keep such software up to date.