<iframe> Malware infection - Need HELP removing, PLEASE

papafreakshow · 2009-08-09, 06:12 PM

I have some sort of <iframe> Malware infection that I need help removing.

The code has automatically attached itself to every saved .htm document on my computer, and everytime I open Frontpage the code automatically pops up (in new documents and previously created files).

I can open my documents in wordpad (and frontpage) erase the code, save the file, and view it again and find the code still there.

Ive ran a full virus scan, fixed any issues, but nothing fixed the <iframe> problem.

I edit in Frontpage, but even open my files in Dreamweaver, find the code there, erase it, and still it appears like I never erased it.

I thought about removing Frontpage - but if it's happening in Dreamweaver too, I'm not so sure removing Frontpage will do anything constructive.

Any help anyone could offer would be appreciated!

~NH~ · 2009-08-09, 06:12 PM

http://www.malwarebytes.org

cd34 · 2009-08-09, 07:11 PM

Quote:

Originally Posted by papafreakshow

The code has automatically attached itself to every saved .htm document on my computer, and everytime I open Frontpage the code automatically pops up (in new documents and previously created files).

change your FTP password
scan your machine for trojans/spyware/malware or figure out how your FTP password was given to hackers (they didn't randomly stumble across it, they got it from somewhere -- vendor that installed software for you, worker that uploaded files, spyware/keylogger, etc)
clean up your files or have your host restore a backup
change your FTP password to something more unique

You're changing it after the scan just in case they got the new password and you find some malware on your machine. http://www.avast.com/ is also pretty good and free for 30 days then requires registration.

Allfetish · 2009-08-09, 09:34 PM

Windows I presume?

1. Get AVG Feee http://free.avg.com and run checks in both safe mode and normal mode. Do one iteration of both first.

2. Install a rootkit detector and remover (or two or three) and do deep scans with them.

http://www.sophos.com/products/free-...i-rootkit.html

http://technet.microsoft.com/en-us/s.../bb897445.aspx

http://www.google.com/search?hl=en&q...q=f&oq=&aqi=g1

3. Run AVG again in both safe mode and normal mode until both scans show clean

4. Change all passwords.

5. Now fix your HTML files once you have a secured system. If you cannot get it secured you may have to reinstall. Actually reinstalling is the safest thing! Once there is a root/admin level security breach anything but a full reinstall is risky because there is a chance you might miss something.

Licker4U · 2009-08-09, 11:01 PM

Quote:

Originally Posted by cd34

http://www.avast.com/ is also pretty good and free for 30 days then requires registration.

I'm still using the free version and it keeps saving me.

Senator_x · 2009-08-11, 06:31 PM

Get another computer with a clean install of your OS. Install your programs and copy over your files. Make sure you scan the files before copying over.

2009-08-09, 06:12 PM	#1
papafreakshow Internet! Is that thing still around? Join Date: Aug 2009 Posts: 1	<iframe> Malware infection - Need HELP removing, PLEASE I have some sort of <iframe> Malware infection that I need help removing. The code has automatically attached itself to every saved .htm document on my computer, and everytime I open Frontpage the code automatically pops up (in new documents and previously created files). I can open my documents in wordpad (and frontpage) erase the code, save the file, and view it again and find the code still there. Ive ran a full virus scan, fixed any issues, but nothing fixed the <iframe> problem. I edit in Frontpage, but even open my files in Dreamweaver, find the code there, erase it, and still it appears like I never erased it. I thought about removing Frontpage - but if it's happening in Dreamweaver too, I'm not so sure removing Frontpage will do anything constructive. Any help anyone could offer would be appreciated!

2009-08-09, 09:34 PM	#4
Allfetish If you really need money, you can sell your kidney or even your car Join Date: Mar 2005 Posts: 373	Windows I presume? 1. Get AVG Feee http://free.avg.com and run checks in both safe mode and normal mode. Do one iteration of both first. 2. Install a rootkit detector and remover (or two or three) and do deep scans with them. http://www.sophos.com/products/free-...i-rootkit.html http://technet.microsoft.com/en-us/s.../bb897445.aspx http://www.google.com/search?hl=en&q...q=f&oq=&aqi=g1 3. Run AVG again in both safe mode and normal mode until both scans show clean 4. Change all passwords. 5. Now fix your HTML files once you have a secured system. If you cannot get it secured you may have to reinstall. Actually reinstalling is the safest thing! Once there is a root/admin level security breach anything but a full reinstall is risky because there is a chance you might miss something. Last edited by Allfetish; 2009-08-09 at 09:41 PM..

2009-08-11, 06:31 PM	#6
Senator_x Operator! Give me the number for 911! Join Date: May 2004 Location: New Jersey Posts: 136	Get another computer with a clean install of your OS. Install your programs and copy over your files. Make sure you scan the files before copying over. __________________ Web Design and Development using WordPress. Hit me up on ICQ 61661595

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

2009-08-09, 06:12 PM	#2
~NH~ Porn Tuber Join Date: Jun 2009 Location: New Hampshire Posts: 505	http://www.malwarebytes.org