Trojan Horse

[homerthingy65]

Recently I was browsing my website, pncguild.net, when my antivirus software (avast! free antivirus) gave me an alert saying that it just blocked a trojan horse from a script on the page. The screenshot is shown below:

http://dl.dropbox.com/u/16652147/pnc_trojan_horse.png

Just to be safe, I used FTP to download all the files of my website onto my computer and did a scan with both avast! and Microsoft Security Essentials. No threat was found using either tool.

Can this issue please be looked into? Other avast! users are saying they are getting the warning to and it concerns me deeply.

 

[Livewire]

It should concern you, unfortunately - check the bottom of your index.php file in a text editor. There's a bunch of garbage at the bottom starting with <?php eval(gzuncompress(base64_decode( - this code is what's triggering the warning, but it ONLY triggers it when you view the page as that's when the code actually gets processed. That code is likely evaluating to a drive-by malware installer, however because it's encrypted, avast! won't actually flag the index.php file itself - just when you view it.

My advice? Back up the database, and do a full reinstall of the software you're using, including updating it to the latest version possible. Said reinstall should come from a fresh download of the software in case any local backup of it was already infected.