why weaver ii website listed as harmful ?

I get the following WordFence alerts after updating to Weaver II 2.0
———————————————–
Wordfence found the following new issues on “-website-“.

Alert generated at Wednesday 28th of August 2013 at 09:25:56 AM
Critical Problems:

* File contains suspected malware URL: /home/-website-/public_html/wp-content/themes/weaver-ii/js/weaverjslib.js

* File contains suspected malware URL: /home/-website-/public_html/wp-content/themes/weaver-ii/includes/lib-admin.php

* File contains suspected malware URL: /home/-website-/public_html/wp-content/themes/weaver-ii/includes/admin-pro.php

* File contains suspected malware URL: /home/-website-/public_html/wp-content/themes/weaver-ii/readme.txt

* File contains suspected malware URL: /home/-website-/public_html/wp-content/themes/weaver-ii/includes/lib-runtime.php

* File contains suspected malware URL: /home/-website-/public_html/wp-content/themes/weaver-ii/style.css

* File contains suspected malware URL: /home/genev241/public_html/wp-content/themes/weaver-ii/weaver-ii-child-demo/style.css

* File contains suspected malware URL: /home/-website-/public_html/wp-content/themes/weaver-ii/help/help.html
———————————————–

Looks BAD – what’s the fix please?

Oh, so glad I didn’t upgrade yet!!!!

I deleted the Weaver II 2.0 theme and re-installed Weaver II 1.3.8 from a local zip copy. That seems (fingers crossed) to have fixed the problem – a WordFence scan no longer reports any malware or theme problems.

I have the same problem. Warnings of malware in my Weaver ii installs.

Also visiting Weavertheme.com has Google warnings regarding malware. Please, fix the problem.

I also have a site where I am running pro, and because Weavertheme.com has been listed by Google as a potential malware site, my scan also flagged that installation as being a problem. When I re-uploaded my pro files the problem seemed to go away, but it may have something to do with the Weavertheme.com site

I certainly don’t know, but I use this theme on several websites, so please get your website and the install files clean for us. Thanks.

I’m getting the same browser warnings. I sent them an email, went to their Facebook page, and tweeted them about it, but haven’t gotten any response yet. I mentioned this page as well.

Since I haven’t had any problems using Weaver II, I upgraded one of my sites almost immediately on seeing it on the Dashboard. After upgrading, I hit the link to the support site and got blocked. Then noticed there were problems with the header, so I knew something was wrong.

I did the same thing as Ruben above. Thanks for the heads up. I downloaded a clean version 1.3.8, deactivated the 2.0; deleted it from the server, and loaded up the clean v1.3.8 copy. Everything looks just fine.

But, since I hadn’t been following any news on Weaver in a while, I was surprised at the big jump from 1.3.8 to 2.0. Now that it looks like their site was hacked, I suspect that the 2.0 upgrade may have been as well.

I hope the Weaver team will find this and begin responding: First to the issue, and then getting the word out on what happened…and why. But, you know, these guys have done a great job with the theme and they deserve a little patience. It’s fairly obvious they got hit hard today in different directions.

Still on 1.38 (Weaver II) and 1.28 (W II Pro). Seconding the hope that 1) we can get some information and 2) get this fixed.

But I’ll also second HunterGatherer “these guys have done a great job with the theme and they deserve a little patience.”

Same report from WordFence as RubenDaSilva above. Using WII-Pro 1.3.8 for a long while with no problems until today.

Under “Firstly Read This Thread” at https://www.ads-software.com/support/theme/weaver-ii , Weaver says “PLEASE – do not ask Weaver II related questions here. You will NOT get a timely response as all Weaver II support is available at our own support website: https://forum.weavertheme.com “

Except I cannot access that address: “This web page at forum.weavertheme.com has been reported as an attack page and has been blocked…”

Sure hope Weaver somehow gets a “heads up” to check over here!

I get the same errors on Google Chrome for the forums and the homepage.

This is a link to the Google diagnostics for the forums:
https://www.google.com/safebrowsing/diagnostic?site=https://forum.weavertheme.com/discussion/4946/header-image-size-not-working&hl=en

This is for the homepage:
https://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fweavertheme.com%2F&client=googlechrome&hl=en-US

These are the errors I get in Internet Explorer 10:

Most likely causes:
?You are not connected to the Internet.
?The website is encountering problems.
?There might be a typing error in the address.

Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Timestamp: Thu, 29 Aug 2013 00:18:04 UTC

Message: Unspecified error.
Line: 49
Char: 5
Code: 0
URI: https://www.youtube-nocookie.com/embed/dupc_AQy3Jk?list=UU2ZrfbG3tLmJC3FSfB7WxMg&vq=hd720

Just had to ‘Restore’ ten websites as a result of downloading this upgrade. CAUTION Do Not Upgrade. Google is not in Error.

Wordfence detects the malware spying code. Same errors as everyone else.

Latest posted announcement from Weaver:

WeaverTheme.com was hacked yesterday, and unfortunately I was offline and unable to do anything until now.

The sites are restored, and should be off the Google blacklist shortly.

NOTE: the Weaver II Theme itself has NOT been compromised. Some WordPress hack check plugins follow all links in plugins and themes, and if the LINK is listed as bad (e.d., weavertheme.com), then the plugin issues all sorts of dire warnings. This is really unnecessary – the theme or your own site has not been hacked – just weavertheme.com.

Sorry to hear about that, Chris. Any idea who did it?

Not my site or my product. Just re-posting his announcement. He hasn’t posted any additional detail.

I suspected his site had been the victim of an attack. The Wordfence warning is most useful when the block has been present for some time, as it implies that a plugin may have support issues.

In this case, it was apparent from discussion in this forum that it was a new issue and thus was probably a temporary situation. I could see in the files that nothing was actually being pulled from the damaged site, so my sites were not threatened.

Glad that it has been repaired.

Hi,

I received this note back from Bruce yesterday:

https://www.WeaverTheme.com was somehow hacked with a malware script. I was off in the wilderness when this happened. Fixed now, but it will take a day or so to clear Google’s list.

But thanks for caring enough to report the problem – I got home to a full inbox! Very unhappy experience.

Don’t know how the site was hacked, but it was not due to Weaver II itself.

Weaver

—————-
Many thanks to Bruce Wampler at Weaver for following up on it. It looks like everything is back up on the site. Thanks Bruce. You and your team are great.

Sorry, I don’t normally monitor www.ads-software.com support.

It is still unclear just how the site was hacked.

It is most unfortunate that the hack coincided with the release of Weaver II 2.0. Several people have mentioned to me that this may have been intentional.

Whatever, I’ve gotten the hack cleared, significantly minimized the number of plugins used by the site, and spent time hardening the site from future attacks.

But I would like to repeat – the Weaver II theme itself was not compromised, and the versions you can download from both here at www.ads-software.com and the Pro version are not compromised.

And a word about Wordfence – it checks files on your site for links to other sites – even down to checking for site names in code comments. If there is a link to a site listed by Google as bad, then you get a warning. Wordfence must be using a cached version of the Google list as it was still issuing warning long after Google had cleared weavertheme.com. If you followed the link back to the Google report, you would see the site was listed as okay again. I do wish that Wordfence would make it much more clear that YOUR site is okay in these cases – it is just a link to another site – and one that for the most part was probably hacked, and not one intentionally having badware.