I bought a niche blog from a vendor who seems to have embedded a trojan horse within an I-Frame. A couple of days ago when I went to the home page the path was blocked by my AvastPro Anti-virus with this notice: HTML:IFrame -PE[Trj] Support at my web host said traffic was being re-directed to http://t5rvi83nwx.co.tv/?go=1 (which is now no longer working. Now, nothing works. When I go to the site, http://YourBabyGenius.com I get this notice: /** * Front to the WordPress application. This file doesn't do anything, but loads * wp-blog-header.php which does and tells WordPress to load the theme. * * @package WordPress */ /** * Tells WordPress to load the WordPress theme and output it. * * @var bool */ define('WP_USE_THEMES', true); /** Loads the WordPress Environment and Template */ require('./wp-blog-header.php'); ?> ********* I have zero knowledge about the code used on the blog. Is there any way to identify and remove the offending code for the I-Frame and Trojan horse?? Any help would be greatly appreciated. Robert
It seems like the opening php tag is missing. Open index.php, and add this at front: "<?php" It should work. If not - and even if doesn't - I recommen reinstalling wordpress (Back up your files!)
WOW! I added <?php /** to the opening and it worked like magic - OOPS. I have had to edit this post, because all of a sudden my AvastPro anti-virus is again showing the HTML:IFrame -PE[Trj] threat But the site was working and showing up normally for about an hour. So I guess it is not wise to try and access YourBabyGenius.com By the way, I looked up the threat HTML:IFrame -PE[Trj] thru Google and found a reference: "The iframe domain points to IP 94.60.123.48 which is blacklisted in RBL for spreading malware based on "Blackhole" kit." Is the iframe still there on my blog? Or has it been disabled in some way? (Obviously I realize now the threat is still there). Is there any way to get rid of it?? Robert
Hello Robert, I can remove that code form your blog. One more thing i have found on your blog i.e if you go with url www dot yourbabygenius dot com your blogs work and if you go with url yourbabygenius dot com your blog will not work.
Are you sure it's not a statistics counter you've installed? Quite a few of those are picked up as trojans by some AVs..
I agree with ssmm987 - save your content, get rid of the blog, install Wordpress and add your content to it. It's more work than the "quick fix", but you're only putting a band-aid on a severed artery. (And if the site works differently with the www and without it, if your domain name provider can't fix it, I'd move my domain name to someone else's nameservers.)