Windows was warning visitors of malware on the site and the client asked for help. It turned out that there were some problems with photo upload because the link in the controller was considered to be a virus. So we have investigated the problem using online scanners Dr.Web, AVG, etc, and found a virus in the code. It was caused by server vulnerability. The malware code was encrypted and its goal was redirect users to infected website or frames embedding from that site. We have removed the code successfully and made the site work well and stable.