It’s a nightmare scenario for any business owner. They type in their domain and instead of seeing their site they see an ominous warning message from Google saying that their site contains malware and it will infect your computer if you visit it.
What do you do? Who do you call?
1) Make a note of what Google’s diagnosis is
Click on the “Safe Browsing Diagnostic Page” link contained in the message. Note Google’s diagnosis of what is wrong with the site. Copy and paste the text of the page so you can reference it later.
2) Scan any PCs or Macs that are used to login to the site via FTP, web hosting control panel, or the site’s content management system if one is being used.
This means if you FTP files, login to the web hosting control panel or the CMS’s admin from a computer at work and at home and have one or more staff members do the same all computers must be scanned and rid of any hidden spyware/malware.
3) Change the password used to access the site, FTP, control panel.
Usually these types of malware injections are caused because the password has been compromised on one or more local PCs. We recommend using a 24 character alphanumeric password with upper and lowercase letters (but NOT punctuation).
Here is a handy secure password generator
Do not use common words or phrases in your passwords.
Do not email passwords or leave them in an unsecure location.
Do not enter your new password until after your computer has been scanned and is free of malware and spyware.
4) Have the web master of the site or the web host remove any of the malicious code.
In many cases this may be an easy fix. Most of these types of issues are caused by script injections that place hidden iframes or other bits of code into a site. In those instances, finding and removing the code is usually an easy process. However, in other cases removing the malicious code may require additional diagnosis or even restoring a backup of the site. This is why it’s good to choose a hosting provider that does regular backups of your site automatically in case this last resort is required. Once you are confident that the code has
5) Request a review by Google.
Once these steps have been taken it’s time to request that Google remove their warning message. To do this you or the webmaster must have a Google Webmaster Tools account and verify the site with Google. Verification takes just a few seconds and is usually done by downloading an HTML file from Google and loading it into the main directory of the site. Once the site is verified click on the site profile and then on the “This site may be distributing malware. More Details” link. You will see a link to “Request a Review” with a checkbox that asks you to confirm that you have removed all malicious code. It may take Google a day or more to review and de-list the site on it’s blacklist.
For more general information on malware and how you can prevent it from affecting you please visit http://www.stopbadware.org/home/security