Today we were very busy dealing with an “Iframe virus” that infected the blog of one of my friends. His site was reported as a harmful or malware-carrying site by both Google and Firefox. At first we did not know what malware or virus had infected his blog. After some trial and error we discovered an iframe placed in index.php and other PHP files. We thought this was the root cause because the infected site is a personal blog, so it has no ads and he never used any iframe. With this clue we googled and found good tutorials for getting rid of this virus, thanks to the WordPress community. This is not a new virus; we can see similar instances on Blogger blogs in 2007 as well.
Motive of the Iframe virus:
This Iframe malware can infect any PHP file. It gains access to your website mainly (99%) from your PC via FTP transactions (it steals FTP passwords) and injects harmful iframe code into PHP files. This code often overwrites the ending PHP tags in the file and thus brings the site down.
7 Steps to remove Iframe virus
First, install this WordPress plugin, AntiVirus 0.4, then scan your templates to see if you find any harmful code or virus indication.
Now block access to your site by creating a temporary page, index.htm, and uploading it to the server, explaining that your site is down temporarily. This prevents infecting other people’s PCs. Also ask your hosting service to scan your server.
Now start cleaning viruses from your PC: update your anti-virus or install a reputable, well-working Internet security suite. As I said before, the origin of the infection on your site will be your PC, which somehow got infected through other sites.
After the cleaning is complete, change all your FTP and cPanel passwords, or ask your site hosting staff to change them if you do not know how.
Now uninstall your FTP (desktop) software and all its registry entries with a good uninstaller (I recommend Revo Uninstaller), and install new software (FileZilla recommended).
Don’t delete the files on the server. What you need to do is replace the infected files with the original files.
Sometimes your web host may help you restore the site instead of your going through all this fixing, but maintaining the site is the responsibility of the customer.
Now download the same WordPress version, themes (fresh copies) and plugins, scan them and check whether there is iframe code in them with TextCrawler (freeware), then start replacing the infected files with these files. Then remove unwanted themes and plugins.
Reopen your web site and check whether your antivirus raises any alert about the site.
The Iframe virus or malware can infect any file (.php, .html, .asp) that has a </body> tag. Below are some common files where we can find this code:
index.php in root folder
wp-config.php in root folder (be careful while replacing this file; it contains database information such as the user name and password)
index.php in wp-admin folder
index-extra.php in wp-admin folder
index.php in wp-content/yourtheme folder
home.php in wp-content/yourtheme folder
default-filters.php in wp-includes folder
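The check in the step above (compare the live files with a fresh download and look for iframe code) can also be scripted. This is an added example, not part of the original post or of any tool it names; the site/ and fresh/ directories, the file contents and the injected.example address are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

SCAN_EXTS = {".php", ".html", ".asp"}          # file types the article names
IFRAME_RE = re.compile(rb"<\s*iframe\b[^>]*>", re.IGNORECASE)

def find_iframes(path):
    """Return [(line_number, tag_text), ...] for every iframe tag in the file."""
    hits = []
    for n, line in enumerate(path.read_bytes().splitlines(), 1):
        hits += [(n, m.group(0).decode("latin-1")) for m in IFRAME_RE.finditer(line)]
    return hits

def audit(site_root, fresh_root):
    """Map each file that differs from the fresh copy to its status and iframe hits."""
    site_root, fresh_root = Path(site_root), Path(fresh_root)
    report = {}
    for f in sorted(site_root.rglob("*")):
        if not f.is_file() or f.suffix.lower() not in SCAN_EXTS:
            continue
        rel = f.relative_to(site_root)
        original = fresh_root / rel
        if not original.is_file():
            status = "no-original"   # e.g. wp-config.php: inspect by hand
        elif f.read_bytes() != original.read_bytes():
            status = "modified"      # candidate for replacement with the original
        else:
            continue                 # byte-identical to the fresh copy
        report[rel.as_posix()] = {"status": status, "iframes": find_iframes(f)}
    return report

def demo():
    """Build a small constructed site/fresh pair and audit it."""
    good = b"<?php\nrequire('./wp-blog-header.php');\n?>\n"
    # Constructed infected file: the closing PHP tag is overwritten by an iframe.
    bad = good[:-3] + b'<iframe src="http://injected.example/" width="0" height="0"></iframe>\n'
    with tempfile.TemporaryDirectory() as tmp:
        site, fresh = Path(tmp, "site"), Path(tmp, "fresh")
        for root in (site, fresh):
            (root / "wp-admin").mkdir(parents=True)
            (root / "wp-admin" / "index.php").write_bytes(good)
        (fresh / "index.php").write_bytes(good)
        (site / "index.php").write_bytes(bad)
        (site / "wp-config.php").write_bytes(b"<?php\n// settings\n")
        return audit(site, fresh)

if __name__ == "__main__":
    for path, info in demo().items():
        print(path, info["status"], info["iframes"])
```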
I hope this will resolve the issue if you find this virus in your blog, but I cannot give 100% assurance. As errors are always possible, if you find any errors please notify us in the comments.