HEUR:Trojan.Script.Iframer

  • Hi:

    My blog has been hacked. I received the following message from Kaspersky and it’s been verified that it’s not a false positive.

    The requested URL could not be retrieved

    While trying to retrieve the URL:

    https://stevewagenheim.com/blog/

    The following error was encountered:

    The requested object is INFECTED with the following viruses: HEUR:Trojan.Script.Iframer

    Please contact your service provider if you consider it incorrect.

    They gave me a piece of the code that was tacked onto one of my files.

    Here are my questions:

    1. How do I find which file the code is in, if it’s at all possible?

    2. If not, I just downloaded 2.7. What do I have to do to insure that when I upgrade, the trojan is gone? Will upgrading alone remove it?

    3. If not, I don’t want to lose all my posts (over 550 so far) I realize that they’re in the MySQL database, but if I do a new install, how do I designate that I want to use an existing database? I usually just let WordPress pick the database name.

    I am NOT a technically proficient user. I know just enough to do an install using Fantastico and that’s it.

    Any help you can give me to resolve this matter will be greatly appreciated.

    Thanks.

    Sincerely,

    Steven Wagenheim

Viewing 2 replies - 1 through 2 (of 2 total)

  • My site also reports this error, but only for users with Kaspersky antivirus software installed..

    Do you have comments on that page? There are several reports of commenters adding that code. FYI, there are also several reports of false positives … all I’ve heard of so far are associated to Kaspersky antivirus.

    Hope this helps.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘HEUR:Trojan.Script.Iframer’ is closed to new replies.

Tags