The log is posted below. Before I ran the MBAM scan, I downloaded all the files from my Web site so those would be scanned too. (Took most of the day to run the scan, or I'd have been here sooner.) As I was downloading the files from the Web site, Norton indicated it was blocking lots of bad files. MBAM came up clean, though. However, AVG picked up two HTML/Framer viruses. The warnings look identical to me:
"C:\Documents and Settings\Nick\My Documents\Team RCIA\Back up TeamRCIA 0511\Backup2\wp-includes\default-filters.php";"Virus found HTML/Framer";"Infected"
"C:\Documents and Settings\Nick\My Documents\Team RCIA\Back up TeamRCIA 0511\Backup2\wp-includes\default-filters.php";"Virus found HTML/Framer";"Infected"
I also found some information on this Web site
http://bit.ly/8uCA9 that iframes are injected into index.php files. I did a desktop search on "index.php" and physically looked inside each of them. They all have an iframe code that includes ibalefo.net.
I did a desktop search on "ibalefo" and found four index.html (not php) files that had the bad code.
I can reload clean files to my Web site, but I'm not exactly sure how to make sure all my blog posts get reloaded without also reloading the malware. Thanks for you help.
And thanks to you, too, quietman7 for your info.
Malwarebytes' Anti-Malware 1.37
Database version: 2222
Windows 6.0.6002 Service Pack 2
6/3/2009 4:21:06 PM
mbam-log-2009-06-03 (16-21-06).txt
Scan type: Full Scan (C:\|D:\|F:\|G:\|)
Objects scanned: 515773
Time elapsed: 8 hour(s), 2 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)