There is a recent virus which adds a malicious code to the website. Our team has put in the efforts to counter this malware attack. The attack comes from client side computer where ftp sessions are taken over malware and files are downloaded, edited (inserting the iframe source script) and uploaded back to the server.
Problem:
Malicious Code inserted in the site's index.* files in all directories. The code added might look like under:<iframe src= "MALICIOUS_URL” width=1 height=1 style=”visibility:hidden;position:absolute”>
Now, you are left with the tons of iframes on your server. To fix that, follow the under given steps:
Cure:
1. Download Avast and clean your local system (from where you normally access ftp). This is the source of the malware, which is curable with free/evaluation version of avast.
2. Now, the source of the malware is cleaned, its time to clean the website on the server. Download this script and put the FILES into your root directory and open the url (eg. http://www.yourdomain.com/anti.php )
3. Confirm your root directory's physical path (All sub-directories will be scanned).
4. All the iframes will be cleaned from the files (Make sure the folders have group write permission).
This script is written in php and will work for the server where php support is there. Script will cure the following problem on your website.
