BadwareBusters - Most recent topics

Please provide security agent for our website.

contact@badwarebusters.org (stellarinfo) — Wed, 10 Mar 2010 01:07:08 -0500

Though we have already removed all the malware from our site http://www.stellarinfo.com/ and also submit a request to remove warning message which is Report Attacked Site under scanning in Google.com. Besides this we need a security agent who can taken care all of security measures in stellarinfo.com server, so this type of Malware of virus threats will never attacked in future.
If you have any reference or contact please give reply to this post.

Thanks in advance.

Please remove our site from badware

contact@badwarebusters.org (stellarinfo) — Wed, 10 Mar 2010 00:07:12 -0500

We have removed all the malicious viruses and malware from our site, please remove the site http://www.stellarinfo.com, the banner of attacke site.

Discussion about www.westerncd.net

contact@badwarebusters.org (westerncom) — Tue, 09 Mar 2010 23:29:58 -0500

pls remove my badware list.i remove all files my domain.i clear 100% ok now.
Pls help.Thank U

Delete username humolotreb's and olik from webspaces

contact@badwarebusters.org (protectwebsites) — Tue, 09 Mar 2010 19:08:51 -0500

users that have attacked many sites go by the name of humoloTreB’s and post porn aswell as other directories beware of these usernames…
they either inject a virus and plant files / directorys do a search on the internet and you will see that this username has been used many times most of the times this person(s) is doing it from legitamate websites by gaining unlawful entry how do we stop these people?

Rogue a/v software

contact@badwarebusters.org (mavrakis) — Tue, 09 Mar 2010 17:33:45 -0500

We have seen a large number of infected computers recently with rogue AV software and could not figure out where it was coming from. After questioning users we found they all reported the same issue, surfing the web and without any warning fake AV popups hit their pc.

After a bunch of searching we found a site pushing the rogue AV malware program in question. The rogue AV software once installed is know as XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010.

If you want to “play” with the infected site, you can find it here:
http://vuvuhip(dot)info/cgi-bin/login(dot)htm

The site is using a PDF exploit know as Exploit.PDF-JS.Gen, JS:Pdfka-YT [Expl], EXP/Pidief.czz and Exploit.PDF-JS.Gen.

We found updating to either adobe reader 9.3 or 9.3.1 would not allow the installation of the malware to occur. After hitting the infected site, Adobe would generate the following message after an unsuccessful attack “A 3D data parsing error has occurred.” We also found that the enhanced security in Adobe reader 9.0.0 was not helpful in this instance. Another helpful item to protect against this type of attack was to uncheck “Enable Acrobat Javascript”.

Since we spent hours tracking down all the bits of info you see here, I thought someone else might find it useful.

If you have the malware installed and need to remove it, try the following:
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

Malious software

contact@badwarebusters.org (carolinaglassmasters) — Tue, 09 Mar 2010 16:25:19 -0500

Yes, google keeps saying that my sit www.carolinaglassmasters.com has malious software. I have had 3 different company’s look into this and they all come back with my site is clean. Can you HELP!!!

Malware on our site (and no idea how to fix this!)

contact@badwarebusters.org (Vreonik) — Tue, 09 Mar 2010 12:27:10 -0500

Good morning,

Our website is considered as a malicious site by Google. Our website is www.nacda.ca and the following two codes seems to be the ones causing us problems:

pt>

Frustrating malware problem

contact@badwarebusters.org (dereko) — Tue, 09 Mar 2010 10:55:57 -0500

Hi all,

I’m completely redeveloping this website and had no part in developing the existing one.

It now appears to have a malware/virus on it. Google has now marked it as so and google chrome and firefox are basically blocking you from viewing the site. Which as you can imagine is not good for my client. So I’m try to help.

the site is http://www.fishpond.ie

I had a look myself and found a bunch of code added to js and php files. I searched for the pattern in other places and removed about 50 inserts of code.

I thought i got it all but google still says there is a problem with the site. I’m wondering could you point me in the right direction on how best to find the problems exactly. My guess is if Google has some way of detecting it then surely there is some way for me to run some script/program etc on the the site. The idea being it will tell me what files are infected.

Any help would be much appreciated.

Regards,
Derek

Wcmessenger.com malware

contact@badwarebusters.org (wcmessenger) — Tue, 09 Mar 2010 10:23:40 -0500

Hi All,

Site was attacked via OpenX. I noticed someone had highjacked the code and inserted HTML (javascript, actually) after each banner ad. I first went in and deleted all the code. Next, I deleted the entire OpenX install on my server, followed by the database itself. Still getting Google’s warning about the malware. I have put in several requests for a review to no avail. Have changed the FTP password in the site.

Any ideas? Many thanks, all!

I got the malware...

contact@badwarebusters.org (Fisherking) — Tue, 09 Mar 2010 09:40:38 -0500

Here’s my site:
www.tsurishopjapan.com

I ran it through google’s webmaster tool and got these pages as my main problems:

http://www.tsurishopjapan.com/
http://www.tsurishopjapan.com/index.php?cPath=38
http://www.tsurishopjapan.com/index.php?manufacturers_id=36

At this point I need to know what to do…

Thanks,

Nigel

Sites not being fully reviewed

contact@badwarebusters.org (raweditor) — Tue, 09 Mar 2010 09:25:51 -0500

One of my sites was deemed clean by Google (gossipcenter.com), and than it was cleared by stopbadware.org. My other two sites were also deemed clean by Google (celebrity-gossip.net and celebspin.com), but they have not been cleared by stopbadware.org. Only one or two file paths on these sites have been reviewed, but the rest appear to have been ignored or skipped over. All the sites were submitted at roughly the same time. What do I need to do to get stopbadware.org to finish reviewing the site, and not just one file path?

Thank!
Brad

Good afternoon

contact@badwarebusters.org (Arteg) — Tue, 09 Mar 2010 08:54:10 -0500

Guys, I need some help. My site http://www.horsetransport.ru has been infected (Google said it). But I searched all the pages and didn’t find any viruses entries. Can you help me to find it?

Thenk you.

Discussion about ilion-church.gr

contact@badwarebusters.org (stelios) — Tue, 09 Mar 2010 08:44:57 -0500

Hello , i would like to inform you that the site www.ilion-church.gr now is cleaned. I want to remove my site from your list.

Http://www.google.ca/#warning

contact@badwarebusters.org (ericacy) — Mon, 08 Mar 2010 16:26:09 -0500

I get this message in my address bar whn I try to search something in google. Help???

Reported attack site : http://www.thipuraicityhotel....

contact@badwarebusters.org (siriwans) — Mon, 08 Mar 2010 11:35:12 -0500

My site has been reported by Google , and I have already removed all the files and I created the new page which is index.htm (i’m sure it clean) but google still report the attack info. but those page are no longer available s. such as

http://www.thipuraicityhotel.com/reservation/RackRate.php
http://www.thipuraicityhotel.com/package/index.php

what should I do to fixed it , please advise , Thank you

Discussion about frenchrituals.com

contact@badwarebusters.org (josh_loomis) — Mon, 08 Mar 2010 10:38:42 -0500

This discussion is about the flags raised by frenchrituals.com related to malicious code.

As one of the programmers responsible for this site, I can tell you that the code has been removed and as of this morning (3/8) has not reappeared.

Google still lists this site as dangerous. The stopbadware.org review of this site began on March 2nd. There has been no update or progress listed. How can I expedite this process? The client is eager to leverage their site for the promotion of their business.

Thank you in advance.

Discussion about ocallaghanmotors.com

contact@badwarebusters.org (tomgrizzly) — Mon, 08 Mar 2010 08:18:24 -0500

Can anyone see where walware is inserted on these pages? Google report says “Malicious software includes 8 scripting exploit(s), 4 trojan(s).” Does this mean that code embedded in the HTML or another file sitting on the server?

Please help me

contact@badwarebusters.org (srinukeerthi) — Mon, 08 Mar 2010 07:18:15 -0500

I found virus in my pages. And deleted the code. And also deleted the files in ftp server. In ftp server no files. But it displays your site be attacked from virus. Then what am i do. So please help me. My site name is onlinemedicines.us

Google reports badware on my site 10 days ago i remo...

contact@badwarebusters.org (larswp) — Mon, 08 Mar 2010 07:04:13 -0500

Google reports badware-related activity on larswp.dk/ as of Feb 27th 2010.
This was correct and I removed all pages generated some new ones without virus and requested a new review. since then nothing has happened seems like Google still think there is virus on the site but i am sure there is none, do anybody have any suggestion for what i can do?

Badware appear on my site

contact@badwarebusters.org (kenverity) — Mon, 08 Mar 2010 06:39:00 -0500

here is badware appaer on my site by google..
my site is http://www.kenverity.com

plz suggest me wht to do..

reply soon

thanks