Hi all

A clients website has been and I'm trying to figure out how this could have happened.

Any ideas how HTML/framer could have been placed on the server and how to remove it? I've found lots of threads on how to remove it from a personal computer but nothing for a web server.

Anyone have any ideas?

EDIT: I know the problem exists in the index.php file because when I download the it and try to open it I get access denied and my avg alerts me of HTML/framer. I've tried deleting index.php off the server and replacing it with a backup copy but this doesn't seem to solve the problem.

Also, I've noticed a website being called when loading the index page (icq-mobila.ru) Seems whoever this hacker is, he's Russian.

Though this is totally out of my realm of knowledge but I tried, you may find some info HERE and HERE or HERE