This type of infection is much more common with the password however. For that reason, you should follow these steps:
1. Scan your local computer, the clients computer, and any computer from which you have accessed the account using an up to date virus scanner such as http://malwarebytes.org CRITICAL!
2. Update the cPanel/FTP password with a password that is not easily guessable. Use 12-digits and something like example (!) &G5s#!K-|%H1
3. Submit your site for a rescan using your Google Webmaster account. If you do not already have an account please follow the instructions on this page to obtain one: http://www.google.com/support/webmaster ... swer=45432
4. Read the information provided below about this type of viral infection and how to further prevent it.
What are malicious iframes and what causes them?
! Over the years hackers found it hard to trick people into visiting suspicious sites so they're now targeting legit sites and using them to infect unknowing customers. In most cases an FTP account's password is obtained through key logging malware, then legit website files are modified to distribute the malware and gather more passwords. If your PC has been infected with one of these trojans, your bank account, email accounts, and FTP accounts may no longer be secure.
What to do if you find malicious iframes on your PC?
1. Use the following online vulnerability scanner and ensure your software is up-to-date: http://secunia.com/vulnerability_scanni ... ?task=load
2. Download antivirus and fully scan your PC for malcious files. Here are some free online scanners:
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan8/ie.html
http://www.kaspersky.com/virusscanner
http://support.f-secure.com/enu/home/ols.shtml
3. Update all passwords that may have been obtained. Do not use old passwords, generate new ones (see above)
4. Upload older versions of the files or contact support for assistance removing the malicious iframes.
Prevention measurements
- Ensure you use the latest browser version
- Disable javascript if possible
- Use Firefox with addon "noscript" (!)
- Download and install some antivirus software, make sure it stays updated
- Use http://www.avg.com.au/index.cfm?section ... onlinescan to test suspicious links you are given in emails or find online.
Others
BACKUP & DOWNLOAD (!) your site and database! Use either your cPanel features or use Joomlapack (http://www.joomlapack.net)....whatever you use: BACKUP!
Hope this helps!
Leo
![Cool 8)](./images/smilies/icon_cool.gif)