I am using Avast! 4.8 Home Edition, and I have a website that I never had problems accessing while using Avast until now.
I’ve recently visited my website and Avast tells me the website has a virus! Here is what my log says:
Date: 07/22/2008 07:10:21 AM
SYSTEM
Application: 1888
Description: Sign of "HTML:Iframe-gen has been found in "http://www.techyartsy.com/ file
http://www.techyartsy.com is my website, and upon going to the site is when Avast gives me the virus warning. I’ve tried this on three computers: Two with Avast 4.8 installed, and another using Symantec AntiVirus Corporate Edition. Avast gives me the warning, whereas Symantec lets me pass through and does not detect a “virus”. Both virus softwares are updated with the latest updates.
Is HTML: Iframe-gen a virus, or is this a false positive via Avast?
And how do I get rid of this on my website? Eliminate all my Iframes?
Actually, I just saw a forum post on a similar situation, with the iframe being at the end of the HTML tag. Minutes later I recieved your reply, thanks for the attention and the info. So now I suppose I must reinstall my entire Joomla web site :-[ Or can I just simply delete these iframe tags, get some security software and pray that it never happens again?
God, I can’t believe I’ve been hacked!
For anyone else with this type of problem on their site, here’s a great link regarding a similar problem:
Yes, same here! I sent an email to avast early this morning reporting that I used Dr. Web as well, and everything was reported a-ok via the doctor plugin. But after finding out that my site has been hacked from Avast’s report, I guess Avast! is more reliable.
Are there any suggestions as to how to get rid of these hacker iframe tags? I know this isn’t a web expert site or anything, but if anyone has any suggestions I’d appreciate it.
If I have to dump the entire website and reupload it then I’ll do that, but if I don’t HAVE to then I’m open to any suggestions. I’m still trying to track down exactly where the hacker is putting this code. Problem is this is a Joomla website so I have alot of index.html webpages for each component!
remove the mentioned iframe from your html file(s) (you can do that in any of the plaintext html/text editors)
check the security updates for your web server
change your password
Okay, thanks! I’ll do this after I get off work this evening and post back when everything looks smooth.
Also I did more web searching and found a forum post that denotes EXACTLY the same problem I have. They also give credit to Avast!, saying that this was the only software that detected this hacker problem on the site: