Help with site malware...
by Heavypen
4 months ago

Site in question – www.nationwidebackgroundchecks.com
Just found out that this site has malware… a bit of a noob with this. Where do I look to get rid of this?

by redleg
4 months ago

There is a hack(s) in this file

http://www.nationwidebackgroundchecks.com/GeneratedItems/CSScriptLib.js

it is all the lines that start out

document.write('<script

at the bottom of the file.

Do a scan of your PC and make sure there are no Trojans/viruses capturing your ids/passwords, change ALL passwords especiallly FTP, it is likely your passwords have been compromised. Never store/save your passwords in your FTP client, use secure FTP if available.

Once the site is secure and clean you need to submit a request for review in you Google WMT account to have the warning removed. If you have not verified ownership of the site you will have to do so first. The following reference explains the procedure.

http://sites.google.com/site/webmasterhelpforum/en/faq-malware-and-hacked-sites

by Heavypen
4 months ago

Okay… found it. Thank you!

Yes… plus they got to my CSS, created an alternate site… what a mess.

by redleg
4 months ago

It is in all your javascript files

http://www.nationwidebackgroundchecks.com/menumachine/menumachine2.js
http://www.nationwidebackgroundchecks.com/menumachine/main_02/menuspecs.js
http://www.nationwidebackgroundchecks.com/menumachine/core/iedom.js
http://www.nationwidebackgroundchecks.com/menumachine/core/w3cdom.js
http://www.nationwidebackgroundchecks.com/menumachine/core/un.js

by Heavypen
4 months ago

gonna have to burn this down and reload… @#$%!