• Resolved kirksgirl1997

    (@kirksgirl1997)


    HELP! All of a sudden, my site says it contains malware:

    Attackers currently on lehighvalleywomansjournal.com might attempt to install dangerous programs on your computer that steal or delete your information (for example, photos, passwords, messages, and credit cards).
    Automatically report details of possible security incidents to Google. Privacy policy
    Back to safetyHide details
    Google Safe Browsing recently detected malware on lehighvalleywomansjournal.com. Websites that are normally safe are sometimes infected with malware.

    If you understand the risks to your security, you may visit this unsafe site before the dangerous programs have been removed.

    My site name is https://lehighvalleywomansjournal.com/ and I am using Google Chrome.

Viewing 15 replies - 1 through 15 (of 41 total)
  • Hi,

    Do not panic!

    please run a malware scan at: https://quttera.com/

    and post here the report link, then i will help you locate and remove the malware.

    Thread Starter kirksgirl1997

    (@kirksgirl1997)

    Normalized URL: https://lehighvalleywomansjournal.com:80
    Submission date: Wed Sep 16 17:40:37 2015
    Server IP address: 192.232.251.218
    Country: United States
    Server: nginx/1.8.0
    Malicious files: 0
    Suspicious files: 0
    Potentially Suspicious files: 0
    Clean files: 64
    External links detected: 100
    Iframes scanned: 11
    Blacklisted: Yes

    Thread Starter kirksgirl1997

    (@kirksgirl1997)

    Safe Browsing
    Diagnostic page for lehighvalleywomansjournal.com

    What is the current listing status for lehighvalleywomansjournal.com?
    Site is listed as suspicious – visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

    What happened when Google visited this site?
    Of the 67 pages we tested on the site over the past 90 days, 22 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2015-09-14, and the last time suspicious content was found on this site was on 2015-09-14.
    This site was hosted on 1 network(s) including AS46606 (UNIFIEDLAYER-AS-1).

    Has this site acted as an intermediary resulting in further distribution of malware?
    Over the past 90 days, lehighvalleywomansjournal.com did not appear to function as an intermediary for the infection of any sites.

    Has this site hosted malware?
    No, this site has not hosted malicious software over the past 90 days.

    How did this happen?
    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

    Next steps:
    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google’s Webmaster Help Center.

    Thread Starter kirksgirl1997

    (@kirksgirl1997)

    I did just remove BBPress because people just post spam comments in the forum. SO could that be why it say no malicious content found? The rest of this report confuses me and I still cannot get to my site without the malware warning

    Jason King

    (@jasoncharlesstuartking)

    11 iFrames? Seems like a lot. What’s in those? If they’re from external websites, do you trust them? Malicious content might have appeared in them without actually being on your own website as such.

    Thread Starter kirksgirl1997

    (@kirksgirl1997)

    Hi Jason,
    All the iFrames are from youtube and amazon

    Hi,

    I am check another scan here: https://sitecheck.sucuri.net/results/lehighvalleywomansjournal.com

    I managed to locate your malware:

    Please access your admin panel > go to Theme editor > footer.php

    find this tag: <!–visitorTracker–>

    and remove a script that look like this: https://labs.sucuri.net/db/malware/malware-entry-mwjsgen2?web.js.visitor_tracker.001

    Click update. Let me know you have done that so I scan your site again.

    Or you can paste here the entire code of footer so I tell you what to delete.

    Thread Starter kirksgirl1997

    (@kirksgirl1997)

    I am having trouble finding the code!

    Alright! I think I found it:

    Remove this code:

    [ Malware code deleted ]

    Thread Starter kirksgirl1997

    (@kirksgirl1997)

    Ok have deleted visitor tracking from all of those

    Gj! I see more:

    in

    https://lehighvalleywomansjournal.com/wp-content/themes/genesis/lib/js/menu/superfish.compat.min.js
    
    https://lehighvalleywomansjournal.com/wp-content/themes/genesis/lib/js/menu/superfish.args.min.js

    Also check header.php and index.php for any malware script that look like these samples:

    https://labs.sucuri.net/db/malware/malware-entry-mwjsgen2?web.js.visitor_tracker.001

    Look for this code in the entire theme files especially header.php, footer.php, index.php:

    Thread Starter kirksgirl1997

    (@kirksgirl1997)

    Removed those two as well. It won’t let me look at that site. “This webpage is not available ERR_CONNECTION_RESET”

    check my last pm, that’s the code you need to find a delete

Viewing 15 replies - 1 through 15 (of 41 total)
  • The topic ‘The site ahead contains malware’ is closed to new replies.