Malware detected on my website

Yesterday I decided to visit my own website (at oeilsj.com) and this page is what greeted me.

Google told me that my website was listed as suspicious and that it had:

  • Malicious software includes 3 scripting exploit(s), 3 trojan(s).
  • Malicious software is hosted on 1 domain(s), including oooabterast0.co.cc/.

Naturally, I freaked out.

I had never heard of such a website before and wasn’t sure how long it had been up there.

I decided to email my hosting website, Host Clear. At first they claimed they couldn’t find any error on my site, but once I showed them the error page I encountered, they told me specifically what to do.

I’m going to put the instructions up here for those out there who might be in the same situation.

You can start with Google’s Safe Browsing Diagnostics: http://www.google.com/safebrowsing/diagnostic?site=www.example.com (replace www.example.com with your own site address). It will show whether Google found anything suspicious on your site.

You might also want to take a look at my online tool called Unmask Parasites (http://www.UnmaskParasites.com). It analyzes the HTTP response and HTML code of web pages and highlights suspicious code (links, scripts, iframes and redirects). Google’s Safe Browsing information is also included in Unmask Parasites results.

As you probably know, your login info can be taken from your browser’s cache by some virus, then credentials to access your hosting account can be delivered and used by somebody else. So, the most vulnerable place can be your own PC and I do advise you to have some good anti-virus software. Also, it is strongly recommended for you to check all the software used for your sites (applications, plugins, modules, themes etc.) from time to time. It should always be up to date and fully patched (secure).

These tools allow you to find suspicious files or code which should be removed from your account.

After that you need to request a malware review of your site. Google will check your site and, if no malware is detected, will remove the warning label that appears in your site’s listing on the search results page.

1. On the Webmaster Tools Home page, select the site you want.
2. Click Diagnostics, and then click Malware.
3. Click Request a review.

Once it’s confirmed that your site is clean, it can take up to a day or so for the malware warning to be removed from your site in search results.

I found the instructions very helpful.

On unmaskparasites.com, I was informed about the malicious code that someone inserted into a page on my website so I could go through my files, find that code and delete it. Once I was done with that, I decided to change all the passwords I had to all my online accounts. (This is partially because my Twitter account was also hacked and tweeted a link to an advertisement that I guess we all have encountered at least once: Stay at home mother making $xxxxx a day online!) After that, I downloaded an antivirus program called Sophos (it’s free for Mac) and screened my laptop. Unsurprisingly, it found one kind of virus called Mal/JavaKC-G in one of my folders (Library>Caches>Java>cache), which I had to manually delete.

Now I am waiting for Google to review my website to check whether all the malware is gone.

I really hope it is all fine now.

Update! Google has finished reviewing my website and it is now clean and online again!
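
For anyone who wants to go through their own files the way described above, here is a small added example (not part of the original post, and not how Unmask Parasites itself works) that lists every script, iframe and meta-refresh redirect in a page that points away from your own host, and marks iframes that are hidden. The host names and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ExternalLoadFinder(HTMLParser):
    """Collect script/iframe/meta-refresh targets that leave the site's own hosts."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []  # tuples of (line, kind, host, note)

    def _check(self, kind, url, note=""):
        # Relative URLs have no hostname and are treated as local.
        host = (urlparse(url.strip()).hostname or "").lower()
        if host and host not in self.own_hosts:
            self.findings.append((self.getpos()[0], kind, host, note))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe") and a.get("src"):
            note = ""
            if tag == "iframe":
                style = a.get("style", "").replace(" ", "").lower()
                tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                if tiny or "display:none" in style or "visibility:hidden" in style:
                    note = "hidden"  # invisible frames are typical of injected code
            self._check(tag, a["src"], note)
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            _, _, target = a.get("content", "").partition("=")
            self._check("meta-refresh", target.strip("'\" "), "redirect")

def scan_html(html, own_hosts):
    """Return findings for one page; own_hosts is your allowlist of trusted hosts."""
    finder = ExternalLoadFinder(own_hosts)
    finder.feed(html)
    return finder.findings

# Constructed sample page: two local scripts, one hidden injected iframe,
# and one third-party script that a human still has to judge.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="http://www.example.com/js/menu.js"></script>
</head><body>
<p>Welcome</p>
<iframe src="http://injected.example/in.php" width="1" height="1" style="visibility: hidden"></iframe>
<script src="//cdn.thirdparty.example/lib.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, kind, host, note in scan_html(SAMPLE_PAGE, ["www.example.com"]):
        print(f"line {line}: {kind} loads from {host} {note}".rstrip())
```

Anything reported that you did not put there yourself is worth a closer look; hosts you do trust can be added to the allowlist so they stop showing up.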


4 comments

  1. James · December 15, 2010

    I had the exact same thing happen to my site! Trying to get it fixed. I didn’t get how to use unmasked… Google said I had no malware though. Submitted my review and waiting to hear back.

    • oeilsj · December 15, 2010

      I hope you get approved soon. Mine just did.
      By the way, unmaskparasites.com is so simple, if things don’t work out for you, you should try it. If you have any questions, I’ll be happy to help.

  2. yogesh · March 17, 2011

    Thanks a lot.
