My site displays this warning. I’ve taken all the files down and reuploaded a new index file and hardly any other files. I also downloaded all domain files to a local folder on my pc then ran it through grepWin as instructed on a different post. I did a search for:
<iframe src\s*=\s*\“http:\/\/mysterio\.info\/cgi-bin\/worker\” width=\“1\” height=\“1\”> <\/iframe>
The scan did not show any virus. My site is still blacklisted. Here is a bit.ly link to my site domain:
http://bit.ly/aa1KoC
I changed it with bit.ly so the actual domain won’t show indexed in this thread as an “attack site” later on, by the big G…
Any help will be greatly appreciated. I’m not asuper tech savvy computer user, but can follow some directions.
Thank you,
Baza
p.s.I’m installing F-Prot now to do a scan
hello :-),
It seems that the last time you requested a scan from Google was on the 8th of March. have you tried since then to clean the site further and request a scan.
If not then please visit the Google webmaster tools login page to do so :-)
And this might help
Jaal Scan ID # 10484938446-339 output
REDIRECTION: www.469k.com – > voicecash.ibuzzpro.com
Malicious code detected on line 49 of voicecash.ibuzzpro.com
starts with
<!—alert(unesc ape("%66% 75%6E%63%74%69% 6F%6E%20%70%>
Please look at the copy of the page on the server, if you cannot locate this code, it is probably being injected at runtime, when a user is requesting the page. It might be useful to then wipe out the hosting directory and check for malware, on the server and in the backend database. You can also ask for help from your hosting provider. Please check out other pages too.
If you have any specific issues feel free to ask for help.
Also, I am collecting info from people affected by attacks like this, if it would be possible for you to share your experience, could you kindly shoot me a mail at a.banerje e @ s top the hac ker .com (please remove the spaces).
We also provide vulnerability identification and mitigation services to help websites from being infected in the first place.
Hope this helps,
-A
Dr. Anirban Banerjee,
Jaal LLC, Riverside, CA.
Site:www.stopthehacker.com
Blog:www.stopthehacker.com/blog
Twitter: @stopthehacker
Facebook: stopthehacker
Jaal: Protecting the Internet, one website at a time™
Hello Dr. Banerjee,
My last request for this site to be scanned by Google was actually on Mar 13th.
Your scan indicated this line of code: <!—alert(unesc ape("%66% 75%6E%63%74%69% 6F%6E%20%70%> Malicious code detected on line 49 of voicecash.ibuzzpro.com.
My site is 469k. It was compromised BEFORE I initiated the REDIRECTION to voicecash.ibuzzpro.com. So, am I correct in assuming that this reference (Malicious code detected on line 49) would be to my site and not the redirect site?
I cannot locate this code. I have done a search for it with GrepWin on my pc files for this site.
Can you help me with the removal of this code?
Thank you,
Baza
