1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WTF is trojan script iframe

Discussion in 'Black Hat SEO' started by netjedi, Jun 23, 2009.

  1. netjedi

    netjedi Jr. VIP Jr. VIP Premium Member

    Joined:
    May 15, 2008
    Messages:
    666
    Likes Received:
    1,049
    Occupation:
    Student
    Location:
    Endor
    Hey guys, need help. Im not sure where to put this so i need put it here.

    WTF is trojan script iframe and how do i delete it?
    My site got infected by it!
     
  2. gundamwing

    gundamwing Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 18, 2008
    Messages:
    1,274
    Likes Received:
    913
    nahh it cookies stuff
    what do you use bitdefender or kapersky
     
  3. HaRRo

    HaRRo Elite Member

    Joined:
    Oct 29, 2005
    Messages:
    2,676
    Likes Received:
    13,447
    Occupation:
    Self Employed
    Location:
    Miami, FL
    Quite simply delete the iframe ?
     
  4. bossman

    bossman Newbie

    Joined:
    Feb 8, 2009
    Messages:
    30
    Likes Received:
    1
    this hit me and it is pretty nasty... it is some type of PHP worm that infects index.php files, and links to some iframe on an outside site. I kept thinking I cleaned it too but a reformat was all that finally took care of it.
    Posted via Mobile Device
     
  5. keinehabe

    keinehabe Supreme Member

    Joined:
    Nov 4, 2008
    Messages:
    1,207
    Likes Received:
    472
    Gender:
    Male
    Occupation:
    -= CEO =-
    Location:
    Heaven
    Home Page:
    what you didn't understand ? the word iframe or the trojan word :)?
     
  6. thesmashge

    thesmashge Power Member

    Joined:
    Jan 14, 2009
    Messages:
    520
    Likes Received:
    519
    • Thanks Thanks x 1
  7. demigod888

    demigod888 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 3, 2008
    Messages:
    188
    Likes Received:
    49
    Location:
    Moon
    Ok, I had same issue, will share with you how I solved this problem.

    1. write to google antimalware and download free malwarebytes software.
    2. check your computer for malware.
    3. Erase all ftp and http (browser) history
    4. Change passwords
    5. Check all index, header files in all dirs to find iframes, also you will find some more files:
    it's like when you erasing one iframe in index for example and trying them go to your site, you will see warning for different file>check that file and erase iframe (don't forget to look for broken code end, because these iframes are nasty, they like to break the code). DONT FORGET HTACCESS! - often shit comes from this

    Troubleshoot:
    let's say it didn't help...
    then make again every step, but replace 5 step and make this proccess:
    -make backup of your database (check google)
    -make backup of your uploads
    -delete everything
    -install fresh site and put your database with uploads.

    Write in google "how to delete iframes" and so on.

    btw
    I don't use ftp program anymore, I use firefox addon fireftp - its safier.
    Don't forget permissions. NEVER 777 in themes and plugins, especially in those files which people can see.
    Good luck mate.
    I would write more, but my english is my wall.
     
    • Thanks Thanks x 1
    Last edited: Jun 23, 2009
  8. pennyb

    pennyb Junior Member

    Joined:
    Aug 14, 2008
    Messages:
    119
    Likes Received:
    267
    Location:
    Necropolis
    I had a problem also a few months ago
    someone put this code

    Code:
    http://www.fileden.com/files/2009/3/1/2344198/Injection.txt
    in all my index , config and db phps so google blocked my site with that stupid warning

    was using the viral script
     
    • Thanks Thanks x 1
  9. netjedi

    netjedi Jr. VIP Jr. VIP Premium Member

    Joined:
    May 15, 2008
    Messages:
    666
    Likes Received:
    1,049
    Occupation:
    Student
    Location:
    Endor
    I use kaspersky.. any way i can delete it? that thing is on my sales page.
     
  10. gundamwing

    gundamwing Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 18, 2008
    Messages:
    1,274
    Likes Received:
    913
    check your sales page source try find iframe tag because kapersky detect iframe trojan or maybe an invisible popup you have there
     
    • Thanks Thanks x 1
  11. netjedi

    netjedi Jr. VIP Jr. VIP Premium Member

    Joined:
    May 15, 2008
    Messages:
    666
    Likes Received:
    1,049
    Occupation:
    Student
    Location:
    Endor
    found one of them... it was from a download in this forum. Someone shared a PLR which i added into bonus with the small part of the sales page. Whats inside?

    <script type='text/javascript'> str='@3c@49@43@3d@27@68@74@74@70@3a@2f....

    this seems to be the prob.
    Anyone knows whats this?
     
  12. keinehabe

    keinehabe Supreme Member

    Joined:
    Nov 4, 2008
    Messages:
    1,207
    Likes Received:
    472
    Gender:
    Male
    Occupation:
    -= CEO =-
    Location:
    Heaven
    Home Page:
    it's scrambled code :) ... only if you know the scrambling method you can decode it :) ...
     
  13. netjedi

    netjedi Jr. VIP Jr. VIP Premium Member

    Joined:
    May 15, 2008
    Messages:
    666
    Likes Received:
    1,049
    Occupation:
    Student
    Location:
    Endor
    I just delete that part. Now the iframe thing doesn't appear..
    Weird..