Google Says: "This Site May Harm Your Computer!" Some Assistance Appreciated.

One of my sites says below my title in Google, "This site may harm your computer" Hostgator contacted me on September 8 regarding it. They removed the badware according to them, then yesterday (Sept. 15) Google places the popular site of badware precaution to everyone who sees my site on the top of Google.

I submitted everything through review yesterday to stopbardware.org and to Google yesterday, however, today I found the following code twice on the code of my site:

Hostgator removed the badware according to their scans through their system, but still I found the above code on my website. The particular google-analytics.com with all the related extension seem to be the problem. I did removed it few minutes ago.

Anyone know the waiting period for a review of Google or stopbadware.org? What can I do to speed up the process? 100's of top keywords in top rankings are in jeopardy...so just imagine

If someone has a specific phone number to Google, PM me as it could help. There is always a hidden workable support number just like Amazon and eBay has somewhere.

Your thoughts and comments on this is surely appreciated.

Thanks,
Joaquin
p.s- Sure hope Google doesn't ban my site and blacklists it...

 

You think Google is mistaking their own Analytics code for malware? Unlikely.

 

Type the site on Google search box and see the potential pattern back on my site. Type: http://www.google-analytics.com on Google search box.

What you think?

The particular site isn't from Google.

Anyone else have clues?

 

That look like Google Analytics.. Make sure there are no suspicious file on your directory..

 

Will call Google tomorrow for this, it surely not Google Analytics but thanks for the suggestions mate. New learning experience from Google indeed. If I found an irregular lines for Google I might post it here later. Just have the same number anyone can easily search for online.

Google and there surprises oh well...sausage and omelets in a few hours

 

ya that google analytics, that can be old url

 

Many posters online report that it has taken them 3 to 5 weeks to get the "This site may harm your computer" warning removed from their SERPs.

After you had the infectious code removed from your site, did you determine the method of infection? If not, the hackers will be back and re-infect your site.

Cyber criminals love highly trafficked web sites. It helps them distribute their malware even faster.

PM me if you need further assistance.

 

http://www.google-analytics.com/urchin.js is 100% Google Analytics. 100% legitimate code. But if you don't use analytics yourself or your account ID is not "UA-553907-1", you definitely need to remove the code - someone must be spying on you.

BTW, you are right. Some malware sites register fake Google Analytics domains. Here are some fake domains I saw:
google-analyz.cn, google-analyze.cn, analytics-google.info, gooqle-analytics.com (note "Q" instead of "G" in the last one)

 

In working with many people on their hacked websites, most website owners or webmasters, designers, etc. miss the real infection and see various "things" in their html that they don't remember putting in there themselves.

Quite often the initial reaction is, "I'm not infected! This must be a false positive." Which just delays the entire process.

Also everyone should note that Yahoo has teamed up with McAfee and is doing a similar warning through SiteAdvisor. I'm sure MSN will be close behind with their own warning system.

 

The thing is that once you type this website on Google search box:
http://www.google-analytics.com/urchin.js

The site appears to be infected and I had that URL in my code. So yes, this was the one I had in part of my code. I just did a few coding projects in RAC, but it din't include work in this website. All other sites are ok as far my scanning and long hours of talk with Hostgator.

Thanks for the average time comment "WeWatch".

 

Something Odd about that URL
Analytics URL is http://www.google.com/analytics/
Hmmm??

 

It simply redirects to the normal analytics URL. What is wrong about it?

 

this warning message is pretty annoying and i dont see point of that.
Ratebeer website got this error and im wondering how is it possible to get this damn warning, can i use browser which will nto show this wartnings?

 

My PHPBB component of my site also got hacked with phishing scam. It was my fault and my password wasn't strong enough. Luckily hostgator attended to it quick and resolved it within a half hour or so of the hack and I didn't get on the Google bad list. I hear that once you get on that list, it's harsh and google treats you like webmaster that doesn't know how to protect your site sinking your SERP and never allowing it to rise to previous levels even after several years.

 

dadaas,

I would say that when Google slaps that label on someone's SERP they're about 99.99% sure that there is infectious code on that web site.

I wouldn't recommend you look for ways to circumvent their warning. I would look for a different website to visit.

Of course, if you really want to test your luck, you can just type the URL into your browser and totally bypass Google SERPs.

But be forewarned! You'll face certain infection attempts.

 

Note that google returns "www.google-analytics.com.urchin.js.4traff .cn" not http://www.google-analytics.com/urchin.js. Just another domain that mimics Google Analytics. And that Chinese domain can really be dangerous.

Your http://www.google-analytics.com/urchin.js is 100% legitimate.

 

Ratebeer site was affected by SQL injections. Untill they have removed the malware code, site visitors without decent antivirus/antispyware protection were attacked by malicious scripts which silently downloaded and installed trojans on visitors' computers. Now the Ratebeer site seems to be clean and soon Google should remove the warning.

Lots of other websites have been affected by the same attack. You can use this google search to get the idea:
http://www.google.com/search?q=crtbond.com
Many of those sites are still infected so I don't advise to click on those links.

 

I used intext:ngg.js as a search term and got a list of 17,000,000 websites.

Many of those have the "This site may harm your comptuer" slappage on the listings.

DO NOT VISIT THEM!

Just an easy way to see how many websites are infected although many of these are blog and forums discussing how websites became infected.

Just an FYI...

Nice work UseShots!

 

Your are right

This intext:ngg.js search reveals sites vulnerable to SQL injections. The fact this script appears as text rather than actual script means that hackers managed to inject the script code into web site's database. And the site used the infected database fields to generate titles and some properly sanitized text snippets. However if some of the text snippets are not properly sanitized, the site becomes dangerous and may infect its visitors.

 

That legitimate Google Analytics extension site also has a "This site may harm your computer" once you hit a search on Google as you can appreciate.

Either way you surely know your material, did a research here and there. Read my PM.