Comments on: HEUR:Trojan.Script.Iframe

By: gerold

gerold — Tue, 31 Jan 2012 18:06:48 +0000

@Katrina — i agree, Kaspersky sometimes detect scripts (ex: php) as virus or dangerous even if they’re not. Of course it’s better to look at the script itself if you doubt the Kaspersky result.

This is also true with other antivirus suites. Thanks for pointing this out!

By: Katrina

Katrina — Mon, 30 Jan 2012 06:24:25 +0000

@Gerald-Just because it pops up on Kaspersky doesn’t always mean it’s infected…Kaspersky will deny something and turn it into an Inactive virus. Kaspersky support provided the information with numerous screenshots.

By: Alexander

Alexander — Wed, 04 Jan 2012 09:46:57 +0000

Hi there
Happy New Year
Are you offering a service to clean up some pages we run?
Greetings
Alexander

By: will

will — Tue, 22 Nov 2011 20:42:17 +0000

Removing some of this same virus…it seems to be old version of WordPress with out of date timthumb.php which allows upload of .pl or .js files to the file_upload directory. Once the script is uploaded, you can then write, change permissions, etc. which then leads to iframes etc.

Make sure to check all temp folders, image upload folders and remove any .pl or .js files in there. Also check code in any .js files in a wordpress install as 99% of the time they are supposed to be php or have been added by an attacker.

By: Wtf?

Wtf? — Tue, 01 Nov 2011 20:56:37 +0000

[...] HEUR:Trojan.Script.Iframe | Linux Sysadmin Blog Proud Member of Team.Fix-9000 Affiliate of Team Roma Founding Member of the former Team [...]

By: Adam Saad

Adam Saad — Wed, 20 Oct 2010 13:18:01 +0000

Yes its great Adam is saying right this way hacker will keep attacking but your site will not be effected and that’s all

By: Adam Saad

Adam Saad — Wed, 20 Oct 2010 13:16:18 +0000

Dear All Got the solution to the problem , just make a backup of the all index and login files and put a code to replace the file if there is any change in the code and you are done , now hacker can’t do any thing any more

By: ITRCP SOFT

ITRCP SOFT — Wed, 13 Oct 2010 14:26:19 +0000

Many of the website tells that its a virus infection but I think its the Code injection but need the solution to that how we can make our website secure from this code injection

By: Adam Saad

Adam Saad — Wed, 13 Oct 2010 14:21:37 +0000

Hi all ,
I am also having the same problem with more than 10 of my site and the only solutions till now I found is manual removal of the code from html or php files ,

does any one have the Idea how to prevent this code injection ?

By: amrikarisma

amrikarisma — Tue, 28 Sep 2010 08:54:52 +0000

menakutkan,, but good posted. . .