A close encounter involving examination and excision of the JS: Iframe-FG JavaScript virus.

A business associate stopped by the PC shop not long ago. He expressed serious concerns about a probable malicious takeover of his online business website. He also needed help examining new malware alerts from his anti-malware software, Avast!. The application warned of infection by the JS: Iframe-FG [Trj] malware. He went on to explain that none of his web browsers would open his company website. Furthermore, the anti-virus packages installed on his clients' computers reported an infection located within the website.

My first action is to review the website with a number of third-party analysis resources, including Zulu URL Risk Analyzer and URLVoid. The Zulu review verifies that many anti-virus applications consider his website harmful – this isn’t good for business. The URLVoid log comes back positive – confirming the presence of the JS: Iframe-FG trojan hack.

A brief history: Trojan: JS: Iframe is a malicious JavaScript that is embedded as an IFrame in hacked websites, commonly by way of SQL injection, or as a result of blackhat search engine optimization poisoning. When the page is opened in a web browser, the virus redirects the browser to a different website.

The next step is to find the origin of the malware. In many instances, the purpose of an iframe injection hack is to redirect the web browser from one website to another. I run a further scan of the website, this time using urlquery.net. The report shows a browser redirect to the domain couchtarts(dot)com. Based on the virus description and the redirect location, I can deduce the fingerprint of the unwanted JavaScript code. I search the files on the web server for all occurrences of “var _q” and remove all accompanying JavaScript.
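The search-and-remove step above can be scripted so that every hit is reported with its file and line number, and only the `<script>` elements that carry the marker are stripped. This is an added example, not code from the original post; the file-extension list, the quarantine directory and the sample page are assumptions constructed for illustration.

```python
import re
import shutil
from pathlib import Path

MARKER = "var _q"  # fingerprint named in the write-up
WEB_EXTS = {".html", ".htm", ".php", ".js", ".tpl"}  # assumption: file types served by the site
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)

# Constructed sample page: one legitimate script, one placeholder standing in for the injection.
SAMPLE = ('<html><body><script>var menu = 1;</script>\n'
          '<script>var _q = "constructed-placeholder";</script>\n</body></html>')

def read_lossless(path):
    # latin-1 maps every byte to one character, so a read/write round trip changes nothing else.
    return Path(path).read_bytes().decode("latin-1")

def find_marker(root):
    """Return [(path, line_number, snippet)] for each line under root containing MARKER."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTS:
            for no, line in enumerate(read_lossless(path).split("\n"), 1):
                if MARKER in line:
                    hits.append((path, no, line.strip()[:80]))
    return hits

def strip_marked_scripts(text):
    """Drop only the <script> elements that contain MARKER; return (cleaned_text, removed)."""
    removed = 0
    def repl(match):
        nonlocal removed
        if MARKER in match.group(0):
            removed += 1
            return ""
        return match.group(0)
    return SCRIPT_RE.sub(repl, text), removed

def clean_file(path, quarantine_dir):
    """Copy the original outside the web root, then rewrite the file without marked scripts."""
    path, qdir = Path(path), Path(quarantine_dir)
    cleaned, removed = strip_marked_scripts(read_lossless(path))
    if removed:  # a bare .js hit has no <script> wrapper: removed stays 0, review it by hand
        qdir.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, qdir / path.name)  # evidence copy; same-named files overwrite
        path.write_bytes(cleaned.encode("latin-1"))
    return removed

if __name__ == "__main__":
    import sys
    for path, no, snippet in find_marker(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}:{no}: {snippet}")  # report only; cleaning is a separate, deliberate step
```

Run the report first and read each hit before calling `clean_file`, and keep the quarantine directory outside the document root so the saved originals are never served.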

We change the account details of the web server and the content manager, and the site now functions seamlessly.
