1) Project Details:
Our website has had some code injected at some point in the last couple of months. During this period I noticed occasional warnings from NOD32 and asked the original developer to prune and disinfect the site. The site has been pruned of old files, but the malicious code remains. I have also moved to a new host (unrelated to this) and the site is still compromised.
The script inserted at the top of the page is identified as "JS/Iframe.DK trojan" by NOD32, and confirmed by their support department as not being a false positive when I submitted the page that was quarantined. In the past it has appeared in NOD32 as "JS/Iframe.EK trojan", "JS/Iframe.IK trojan", and "JS/Iframe.CD trojan".
I will send an archived copy of the site to be inspected for the compromised file(s) which contain the code that has been occasionally inserting the malicious script into the homepage.
The entire site is designed around flash objects loaded via php pages on the root page of the site (index.php), and all navigation is done within the flash objects. There are other php and js files in use which likely contain the malicious code. The site also has a mobile (HTML5 ?) version for non-flash supporting mobile devices. There is also a tiny custom flash CMS to manage a bit of information in one of the flash "pages". The CMS makes AMF calls to zend, which exists as a folder within the CMS directory.
While not a requirement for this project, we are looking for an individual or team/company that can provide support, maintenance, design, and development work for the site moving forward. We have other sites which will likely require the same services as well, so I would like to build a relationship that can cover all facets of our website support.
2) Payment method/ details:
I believe a flat rate of $100 is fair for this project although I am open to offers if your experience or expertise warrants a higher rate.
Payment can be made via paypal or company check.