Virus Attack on my site from javascript and Iframe code

Posted on 2009-04-26
Last Modified: 2013-12-04

My Site is hacked and hacker put some malicious code on my web pages.
They put some javascript code above the body tag and also put iframe at the bottom of the web pages.
I removed this code but It is coming again and again.
Please let me know from where it has came and how I can remove this from my site.

Secondly,I am sure there is some problem with my local machine, I am using window2003 server.
Could you please let me know some antivirus or virus removal tools, so that I can trace this virus on my local machine.

How can I remove this virus completely from my machine?

Thank you



<script language=javascript><!-- 



<iframe src="" width=1 height=1 style="visibility:hidden;position:absolute"></iframe><iframe src="" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>

Open in new window

Question by:Gurbirs
    LVL 47

    Accepted Solution

    Is your site hosted by IX Web Hosting?

    In your local machine, look for any of these FAKE files(Search engine hijackers) and delete them if present in the system32 folder.
    C:\Windows\system32\wdmaud.sys <-- bad
    C:\Windows\system32\sysaudio.sys <-- bad
    c:\windows\system32\ntnet.drv <-- bad

    If the above files are not found in the system, also check the registry key below and check the values of "aux, aux1, aux2, aux3, aux4" to make sure there are no values pointing to random filenames(similar to the ones below)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
    "aux2"= "C:\WINDOWS\system32\..\kvlhurx.niq"

    Also run MalwareBytes and Combofix:(redownload but rename the tools before saving if they don't run at first)
    1.  Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.

    2.  Please download ComboFix by sUBs: and show us the log file(it doesn't support 2003 but it will run)

    You must download it to and run it from your Desktop
    Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
    Re-enable all the programs that were disabled during the running of ComboFix..

    Do not mouse-click combofix's window while it is running. That may cause it to stall.
    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:


    Author Comment

    Is there any auto scanner software, from where I can scan this particular virus?

    LVL 10

    Assisted Solution

    Do a google search for "web virus scanner" and choose one that you like. FYI this looks like a XSS attack. Make sure you validate ALL input and output from your web page (consider all input as hostile). OWASP guides can help you with this if it is new to you.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now