Is my website Hacked?

I asked my friend to view a page on my site http://www.secretipaddress.com/tools.php
He got a warning like

I tried to view another page of my site using IE6 and my antivirus alerted me about a trojan called TR/agent.cyt.107

Is my website hacked? Is there a code injection? The friend who warned me told me he will ignore the warning and see what happens and he is not online again.

What should I do? I checked all the code and there is no suspicious files or text.

 

Anybody? Its still there.

 

i checked the page but didn't receive any warning.

 

SticKer, did you use IE7 to view the page? As far as I know, IE7 pops up this message when the site is using old active controls. Careful though as your site may be injected, inspect all files and look for suspicious codes (Javascript).

 

i had checked with firefox and didn't get errors.

Now i checked with ie7 and got an error to run an addon: remote data service data control.

 

Exactly my point SticKer.

 

i was wondering what do you guys do in such cases. how can the site owner fix the problem. is it some problem with the code or somewhere else?

 

Yeah, as far as I know it has something to do with the code, especially the ones using active controls, or the server perhaps.

 

so is this error a hack attempt or just a code error?

 

I disabled the access to my site temporarily so that nobody will be infected. I took the risk and ignored the antivirus warnings and looked at the source in IE.
This line is added just after <body>

<script language='JavaScript' type='text/javascript' src='lstbj.js'></script>

Code (markup):

Now, I looked at the code of that file from FTP and nothing is there. Is this some kind of code injection? What should I do?

 

Thanks wisdomtool, I hope some experienced DPer will look into this thread.

 

have you checked if the file is hidden? also try to contact your host admin and address this issue. they will help and remove this file. and try to remove that line and check if pop-up again and inject the code again to index.

 

I'll check with my host. The problem is that the extra piece of code is appearing only if I view through IE. I dowloaded all the files and there is no such javascript. Is there some way to hide the code in HTML? Using the chinese font or something like that?

 

I found a XML file with the name dwsync.xml. Can this be the problem?

 

What is inside the XML file? Try deleting it but make a backup just in case it's not the file that's causing the problem.

 

I have had that problem... usually an <iframe ...> code somewhere on the page... usually header. I won't take a risk looking at the page as I lack proper protection on my PC.

 

The file is found in the images folder. I'm pretty sure I didn't create it

 

Hmm, it doesn't look suspicious. Try deleting it (make a backup though) and see if it messes up your site in some way.