Getting a "malware detected" message on my site

Nice design BTW. However I can not reproduce the errors in Google. Googled both domains and no errors were present. Are you using any type of gateway (portal) pages that might be using scraped content?

I didn't see anything suspicious when I stopped by both sites.....my virus/malware detection didn't go off either......

Google has this info

About malware and hacked sites - Webmaster Tools Help

and this

Cleaning your site - Webmaster Tools Help

- Bret

Through my Chrome browser, I get the "Malware Detected" notice, but I don't get it when I visit your site using Firefox.

I just posted information on another thread here where another WF member is experiencing the same issue. You can read my response there with some steps you can take to further determine what may be going on.

Yep. Chrome comes up with the warning "this site......."
Firefox didn't, Safari didn't and IE didn't. Interesting.

The first visit with Chrome I had a "Javascript update needed" which I did not update. I then refreshed and got the above message.

i tried with IE, no message, but its a chrome thing I guess. which means everyone that clicks my ads and goes to the site gets this message? no wonder i wasn't getting any leads, not a one, but I was getting great traffic. this site is a high converting website, I dominate the market here in Chicago. HOW can I fix this? here is info I got from google about "safe browsing".

Safe Browsing Privacy Policies ? Google

this sucks! it HAD TO BE the guy from odesk, as i gave him (my stupid, trusting, fault), some guy named muhamed my hostgator login and cpanel info. yea, i know, jackass me.

this is the only way I can think someone could have accessed my sites. is this an easy fix, i spent a lot of time and money on these sites and we have just sent out thousands of postcards and direct mail driving people to the site(s)??!!!

You may want to delete your site and upload a "clean" file.

Hi Warriors,

I once worked for Microsoft PCSafety Technical Support team (now, Microsoft Answer Desk). I was the one responsible in finding solutions when all Tiers have run out of solutions to security-related issues, and communicating it directly to my PTLs in Microsoft.

I had a client who reported a security threat in one of his sites. What's happening to you all is a browser-redirection issue. It's either there's a script added to your .htaccess file (or some other files) which detects the browser that you're using and its version. I reproduced the problem on two browsers: Google Chrome and IE9 (64-bit). Both hafaeligible.com and shaitownshortsales.com redirect me to Google's warning message of a potential threat. Checking it in IE9, both sites are showing up.

How did that happen? Whoever is responsible in injecting that script to your .htaccess file (or any other file), he/she might have selectively targeted Chrome users. I'm not saying I'm 100% sure because I haven't taken a look at your .htaccess file yet and all files within your CPanel.

I checked both sites from virustotal.coml and it turned out that hafaeligible.com is the only one detected as a threat by Google Safebrowsing.

I have saved the results of VirusTotal.com because I can't post them in here. I need to accumulate at least 15 posts to include links in my posts.

Don't reset everything. That's not a solution but a workaround.
You need someone who can also see what I can see to fix that.

If the site is in HTML as you say then it will easy to find the malicious code and remove it.

You need to change your cpanel password at least and also check to make sure there isnt a script on your site that is being used as a backdoor.

If you want to pm me FTP login I will take a look for you.

It doesn't have to be the odesk guy. You might have visited a site with a virus, the virus installed on your computer. It then found your FTP client and the password file and was able to connect to your server to install the malware. Most of us are lazy and save the FTP passwords on HDD. I figured this out when malware was installed on 3 different hosting accounts the same day (2 hostgator and 1 extreme hosting account). It added a simple base64 encoded script to index.php files on 50 different domains. I spent whole day cleaning my files. I was able to detect which files were infected when I sorted the files by 'modified date'. Luckily the malware left a trace, if it didn't change the 'date' I'd probably spent several days.

I'd suggest you have your hosting company run a scan to find out what files have been uploaded/changed, then remove/replace those files.

contact your hosting company and they can delete it for you! I had a problem with my database and all of the popular browsers and anti-virus software were giving me errors whenever i opened any of my 2 blogs. I sent a simply email to Hostgator and they said somehow someone injected a malware and they went ahead and speedily deleted it for me! So I suggest contacting your hosting company.

Do you use wordpress by the way?

Firefox says it's a Reported Attack Site... I would call Hostgator and request them to clean it up.

Is it common that hosting companies will scan your sites and remove malicious script for you? My host does not have this service. Some of my site are currently infected and it has been very frustrating trying to get them fixed. For future sites I expect I will be changing to a new host.

I would seriously recommend using wordfence to clean up your site, its a lot easier then it sounds. Check out the video I made on it - skip to 6.00 minutes if you want to get to the point and not listen to me rambling to much.

Wordfence Plugin Review

Hi,

Hope you've resolved it by now from the advise of mindreaderwriter.

When such Browser-based Flags were raised for your web sites, the first thing to do is visit your .HTACCESS file in the web server.

There could be new lines injected to it WHEN you installed some seemingly honest web-based apps such as FREE WP Themes, WP Plugins and etc.

Check the rights to the .htaccess file. It should never be 666 nor 777. If it is, you're opened to risks of people altering it.

I'd delete the .HTACCESS in the web root instantly ( and make a new new one if its necessary to have one by some membership apps ). Make sure the rights for the .htaccess file is set to 644. In fact, there should not be any file with file permission higher than 644 in the web root. Directories ( Folders ) are usually 755.

See whether you've resolved it.

If you still have your sites flagged as malicious by Google, then the next step is to look at the plugins you've installed. Update them and deactivate the ones you no longer need ( delete them would be better because it could have been altered ).

If you still get the flags, you need to check your webstats such as Webalizer to see whether there are strange files that some visitors are trying to access. Those files could be the culprits. Seek help from your web hosts or delete them d-i-y.

Here are 2 other risky spots to look at when you're using WP.

I think you know very well that WP images upload directories are sometimes having 777 permission. With this permission, the public can alter your files or upload some malicious scripts into the directory. Make sure you change the Directory permission to 755 after uploading images and etc.

The same thing for your WP Theme Files. To enable custom editing of the php, javascript and css files, you may need to set the rights to 666. I'd reset them to 664 after I'm done.

Just some precautions to take.

Azmanar - thanks for the good suggestions on the permissions. I recently started using a free plugin BulletProof Security. One of its many features is that it tells you what your current permissions are and what they should be so you can keep on top of this.

Your site hafaeligible.com contains malware when I try browsing it but there's no problem with the other site. Even my avast anti-virus doesn't detect any malware on that site.

you can download free malware cleaner from microsoft site:
microsoft.com/security/pc-security/malware-removal.aspx

Hopefully it will help you.

HI All,

Any Script can we found here to clean this codes?

Thanks