[Solved] Cpanel index page - Virus infected?

[Ntsite]

While trying to log in with IE 8 to my cPanel account my antivirus warns me about Html/Infected.WebPage.gen. It seems to be related with I-frame, because in another browser I-frames are disabled so by logging in I don't recieve any warnings.

[jje]

The only IFRAME used when using cPanel is the script which keeps your account alive (stop being suspended due to inactivity).

 

1. What URL are you using to login?

2. What anti-virus are you using?

3. What is your domain and username?

 

This support request is being escalated to our root admin.

 

@djbob : I am not getting any messages in IE8 and I am using AVG. However, cPanel isn't displaying correctly in IE8.

[Wizard]

I wouldn't trust IE8 past using it to download Firefox/Chrome. Are you running updated anti-virus software? What anti-virus do you have?

[Guest Geoff]

Internet Explorer sucks. Go here if you don't believe me.

[Ashoat]

I'm not seeing any such file in the cPanel web directory. Can you point out exactly where it is, or where you think that I should take a look?

[Ntsite]

The only IFRAME used when using cPanel is the script which keeps your account alive (stop being suspended due to inactivity).

 

1. What URL are you using to login?

2. What anti-virus are you using?

3. What is your domain and username?

 

Hi.

 

How can I get details about my account activity?

 

1. The actual url I try to login is ntsite.heliohost.org/cpanel

2. Avira Premium 10

3. ntsite/Stevie

 

I use Opera 9. But due to security reasons I disabled Inline frames. So registering was unavailable from Opera I used IE for more stability. after then tried to logged into account and recieved a block message from Avira.

Thought it's just coincidence. but also realized that pages don't open and leaves blank. while trying with Opera, it was OK, as there i-frames were disabled.

The next day I tried again with IE8 to login and again received the same message.

 

I looked for details and here are they:

 

When accessing data from the URL, "http://skfi.info/"

a virus or unwanted program 'HTML/Infected.WebPage.Gen2' [virus] was found.

Action taken: Blocked file

 

Right now I tried to try again, but now I recieve this error message from IE though I didn't block the website:

 

Internet Explorer cannot open Internet site

http://stevie.heliohost.org:2082/frontend/x3/index.phpcp

 

Access is denied

 

But with Opera it's OK. I also tried by enabling I-frames - no error was received.

 

Thank you.

[Ashoat]

I just did an analysis on network requests on the cPanel page, and I can't find anything requesting "skfi.info"...

[Ntsite]

I just did an analysis on network requests on the cPanel page, and I can't find anything requesting "skfi.info"...

 

 

Sorry, you are right, "skfi.info" is not related with cpanel - because actually it gets blocked by Guard not Webguard.

The Guard blocks index page that's why I receive the error from IE that access is denied. The actual details for this issue are:

 

Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]'

detected in file 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1F5WVZO\index[1].htm.

Action performed: Deny access

[Guest Geoff]

Can you please post the contents of that file?

[Ashoat]

A network request analysis in Google Chrome doesn't show any "HTML/Infected.WebPage.Gen" being requested.

[jje]

IFRAMEs must be allowed because they keep your account active and stop your account automatically suspending.

[Guest Geoff]

I don't understand what you have against iframes. The problem is obviously your computer, not heliohost.

[Ntsite]

Checked with Virustotal just only Avira recognized it as Malware. Also another VBA32, found "Malware.HTML.Iframe (paranoid heuristics)", though in Virustotal it found nothing. Seems like nothing serious.

 

http://www.virustotal.com/file-scan/report...c5c-1297875506#

 

 

Thank you guys.

[Ashoat]

No problem, and thanks for letting us know