I took over hosting two small sites a month ago. The sites are both PHP and are on my Linux VPS. last month I started a Google PPC campaign for my client. Last week, we received an email from Google that they found malware on both sites.

I don't create or approve of anything like that. Google did not provide any information regarding where the malware is. i have both sites downloaded on my local drive and have run scans on both using multiple spyware/malware utilities and nothing is found.

Can anyone provide assistance on identifying malware on a site?

Your assistance is greatly appreciated.


9 Years
Discussion Span
Last Post by almostbob

Hi! It might be worth running through these guidelines as to check if your site has been comprimised and how to fix it: http://www.stopbadware.org/home/security

Stopbadware also work with google so you might have already seen this link on the e-mail you recieved.

Hi Steve,

I've already reviewed that site but it doesn't help me identify where on the site Google identified malware or what I should delete to eliminate it.

I appreciate your posting.



Could the sites be linking to sites with malware? That was one of the points they said to check out.


There are several possibilities:

- The notices from Google might have been phake, used for phishing purposes.

- Links from the site might point to sites containing malware. They might also point to sites that point to sites containing malware.

- Some malware software identifies most cookies as malware.

- It's rare, but I once had a malware detection program identify an image I took with my own camera as containing a virus. It turned out that the bit patterns in part of the image matched the bit patterns in a known virus. Slightly changing the brightness level of the image fixed this.

- Some detectors see certain scripts as malware.

- If the notices are based on user reports, a user might have reported malware he already had, because it started to manifest itself while he was viewing your page.

- Likewise, a user might have reported malware that was caused by another internet node pretending to be your page.


many advertising sites have had malware issues before
If you have embedded advertising scripts those sites that host the script could be the only source.

If the google email were correct, and not a phishing run,
the detail will be available at the google webmaster tools page, instructions on site
Take ownership of the sites at Google, instructions on site
then you can access logs and error reports. instructions on site
When you do take ownership of the sites, remove the prior access key, -you guessed- instructions on site

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.