Comments on: HTML/Framer.Z Virus in WordPress

By: Adi5402

Adi5402 — Mon, 22 Jun 2009 12:37:02 +0000

Hy dude how do u know where its effecting my whole website seems to be infected avg is picking it up on all index files as infected with this framer thing

ill look for ur code now

By: Trent M

Trent M — Mon, 01 Sep 2008 17:00:47 +0000

You probably had some kind of antivirus program tell you your site was infected. So, whatever page URL you were on at the time you saw the antivirus message is the page you want to first examine.

Use an FTP program to download your htm/php file and repair it or just upload and replace the infected file with a clean version of the htm/php file, if you have it stored somewhere on your computer.

If you try to repair, after you download the infected file, open in Dreamweaver or something that allows you to search the code. You won’t get a virus by opening up the file in a html editor, but only by viewing/previewing in a browser. If you don’t have a html editor, you can also rename your file extensions from .php to .txt and open in Notepad and also find/replace that way too. Just look for funky looking code like in the example listed above on this page.

Good luck!

By: DrJ

DrJ — Mon, 01 Sep 2008 10:06:09 +0000

I’t infected my site to.
but i can’t open the htm and php files and search the code!?
( avg not running )
How can i open/edit the infected files?

By: Trent M

Trent M — Sat, 16 Aug 2008 01:08:04 +0000

You might want to do a global search/replace on your website to get rid of it. It will probably be similar code to the example I posted above. I’d first identify the exact code, then determine if it’s exactly the same across all your infected pages- it likely is. Then if your site is actual separate html files, I’d use something like Dreamweaver to do a find/replace to remove it. You can set Dreamweaver to remove all files that contain *code* within a specified folder. If your site is dynamic (database driven), I’d do a search/replace in your mysql database or whatever you’re using.

By: tom

tom — Thu, 14 Aug 2008 15:28:34 +0000

what do you do if they have infected your whole site like they did mine? I have a huge site

By: Jet

Jet — Sat, 19 Jul 2008 11:45:41 +0000

This html framer.z came up on my AVG virus program too. It’s in the AVG virus vault right now. I don’t see anything on AVG I can use to delete it from my PC. I’m not that experienced to be able to get this framer.z off my PC. I looked on the Norton web site for a program to remove it but didn’t find anything. Can anyone offer some help please?

By: Miriam

Miriam — Sat, 05 Jul 2008 03:59:51 +0000

Trent,
It is good you detected the “lovely hacker”. It was very frustraiting for me
everytime I wanted to open your blog and my compueter’s secutiry awarned me that it had virus.