website virus issues
Hey everyone. A friend of mine created a website a while back that is very basic and now when people visit his site, anti-virus says that a virus called HTML/twitscoll.b is on the website. This has happened twice now to him and I am wondering where this comes from and what does it do. The first time he got it I was able to delete it through his ftp and also somehow there was additional lines of code in his index file that were trying to redirect to a different site. I haven't looked at it this time yet as he didn't provide me with his ftp information yet but once he does I will get a better look. Basically what I am wondering is, would this be getting onto his site because of an error in his code or is it unrelated to that and possibly that his godaddy account was compromised and someone is making these changes that way? His site utilizes html/css/php/MySQL but his work is very basic and not complex. Any information or advice would be great. Whenever I get his ftp information I can also provide code snippets to help further determine the problem in needed. Thank you.
It should be a hack, and will need to review the files. One best way to start with is checking through http://sitecheck.sucuri.net/scanner/