Wednesday, December 15, 2010

script virus on website - or website getting virus message on google result

In the recent past I have noticed a lot of my hosted websites getting a virus notification on the google search result, and even getting a virus alert when browsing thru firefox or chrome.

I have spent hours to fix this problem , and know that a lot of people must be having the same problem.

The virus doest not only infect html files, but even php , asp , js and css files, and even created some dummy files in the images folder of the website.

this virus is not caught thru norton antivurs, however avg, avast etc are quick to find and block it, but norton continues to be irresponisive to this virus.

i noticed that some script codes are written either in the head tag of the website or after the html tag of the website.

usually we think that hosting server is infected.
No , it is not.

We think someone has hacked the site.
Not really, but yes it is the problem.

Here is my findings and ways of updating it:

It is highly likely that your system has been compromised by a trojan , spyware, which resides in ur system , and whenever you connect to a ftp site , it stores its information and then uses it without you knowing it -
so even when you think that the ftp program is closed, what the virus does is that is uses the username / password information from that ftp program and auto uploads the virus codes into your website.

usually the virus code is in the < HEAD > tag or just after the < HTML > tag closing.
some times its an iframe coding , linking to an external site, and some times its a unix eval script code.

So what you first need to do is clean your system.
changing your ftp passwords wont help as it will keep coming back, no matter what password you keep.

you can check for malware / spy bots thru :
malware bytes - (google the name )this is a good spyware removal tool , and works most of the time.

Once you are sure that the trojan has been removed, the second task is to re-upload the site.

But first you need to delete all the contents on the existing site, even the images and other folders , which you think the virus might not have infected.
delete all html , php , asp , js , css and every other file includng the images folder and others.

May be ask your hosting provider to delete the account and re-create it , or you should delete all the files on your hosting , including images, js and css files.

re-upload the website.
monitor the site for a few days by ftping again and then downloading the files from the server and then checking the code of the website, usually in the head or after html tag.

if the virus tag is still there, then your system is not clean yet.
you seriosuly shoul consider formatting the system and installing a fresh copy.

if the virus is not there, then you are clean.
you need to tell google that your website is clean.
go to and create an account,
login and submit your site to google webmaster -
verify that you are the ower of the site , thru several of the ways google suggests that you should verify that you are the rightful owner.

once you have verified that you are the owner, you will see that your site is accepted , but a red head line is shown , showing that the website is infected .
click MAKE A REQUEST link and make a request that your website is clean.
google will remove the virus noice from search results in 2 days time at most.

If your site is infected and you want to remove the virus code from all the files, consider using a "fine / replace " utility.
this will find the text you will write , and replace it with the new code you will write.

I have experiened that the virus code on all the pages is the same, so you will need to use a simple find and replace utility which will find the virus coding from allt he files and delete it .

I have used "simple search / replace" utility , which is pretty fast and easy to use.
You can tell the program which files to search for, and which text to search for and which text to replace it with .

the program then does it in just a minute , so you are saved from going into each file, finding the code and uploading it again.

hope this will help.

No comments:

Post a Comment