my hosting account was hacked last week and i dont know if thats how the trojan virus got on my site or if the hacker found a whole in wordpress.

all i know is when i click my listing for my site in the search engine avast blocks my site saying win32:FakeSysdef-T virus has been sent to the chest.

can any one tell me how to find the infected file in my hosting cpanel and get it off the server?

thank you for your help
maryjane

what is the URL ?
use hxxp or wxw so the link is not clickable

Trojan:Win32/FakeSysdef is a rogue system optimizer that displays false alerts to coax the user into purchasing the program.
https://www.microsoft.com/Security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FFakeSysdef

i have checked other pages but this is the one i found so far.

can it just attack individual pages?

thank you

Opera 11 browser gives a malware warning and blocks the initial attempt at accessing the Blog page. One can still get to the blog page but I didn’t chance it.

I can open it in Opera/IE8/Chrome and i get NO warning from avast!
VT scan on URL/HTML are both clean, Unmaskparasites Clean

But i do get a IP block warning from MBAM that it has blocked 91.204.48.52 and it seems to be located in Ukraine

i have found this code on the home page which is not mine

**CODE REMOVED **

so now i know the virus is on my site. thank you all very much for your help. now the fun begins.

thanks

NORMAN analysis say that this code is malware and will add detection for it

Processed - HTML/Agent.GI

you should remove the code so that those entering this post does not get a detection…