When I search Google for my website, I enter Jonathan Wentworth Associates.
As expected, the site appears at the top of the list. When I click the URL link at the end of the entry it takes me to the site.
However, when I click on the "title" link at the top of the entry it re-routs "people" through to a different URL in seconds and to the trojan.exploit.131 Trojan. If they do not have the latest McAfee or Norton it downloads the Trojan to their computer. McAfee and Norton seems to clean it but our concern is for those who are not real savvy or as committed to keeping their virus protection software up to date.
I assume I have no control over this and it seems there is no real way to contact anyone at Google to find out how to fix this problem.
As John wrote, maybe give more details. Do you mean the results in a google.com search? I still do not understand what links you mean, which is the wrong one and which is the correct one.
You should be able to see the URL in the status bar of the browser when you hover over a link, without clicking on the link.
Is the URL pointing to the trojan malware URL from your site?
You can see the exact URLs of links in a Google search result page if you look at that page with 'view source' from your browser.
> When I search Google for my website, I enter Jonathan Wentworth > Associates.
> As expected, the site appears at the top of the list. > When I click the URL link at the end of the entry it takes me to the > site.
> However, when I click on the "title" link at the top of the entry it > re-routs "people" through to a different URL in seconds and to the > trojan.exploit.131 Trojan. If they do not have the latest McAfee or > Norton it downloads the Trojan to their computer. McAfee and Norton > seems to clean it but our concern is for those who are not real savvy > or as committed to keeping their virus protection software up to date.
> I assume I have no control over this and it seems there is no real way > to contact anyone at Google to find out how to fix this problem.
It sounds like your site was hacked. What you need to do is clean it up. Look for changes in .htaccess (or the addition of such a file in any and all folders - web.config if you are on a windows server). Also check your cgi-bin and notify your hosting provider once you find any altered files. If you do not find any, than still contact your hosting provider so they can see what method is being used to redirect from your URL's to the malware site.
> When I search Google for my website, I enter Jonathan Wentworth > Associates.
> As expected, the site appears at the top of the list. > When I click the URL link at the end of the entry it takes me to the > site.
> However, when I click on the "title" link at the top of the entry it > re-routs "people" through to a different URL in seconds and to the > trojan.exploit.131 Trojan. If they do not have the latest McAfee or > Norton it downloads the Trojan to their computer. McAfee and Norton > seems to clean it but our concern is for those who are not real savvy > or as committed to keeping their virus protection software up to date.
> I assume I have no control over this and it seems there is no real way > to contact anyone at Google to find out how to fix this problem.
> When I search Google for my website, I enter Jonathan Wentworth > Associates.
> As expected, the site appears at the top of the list. > When I click the URL link at the end of the entry it takes me to the > site.
> However, when I click on the "title" link at the top of the entry it > re-routs "people" through to a different URL in seconds and to the > trojan.exploit.131 Trojan. If they do not have the latest McAfee or > Norton it downloads the Trojan to their computer. McAfee and Norton > seems to clean it but our concern is for those who are not real savvy > or as committed to keeping their virus protection software up to date.
> I assume I have no control over this and it seems there is no real way > to contact anyone at Google to find out how to fix this problem.
> When I search Google for my website, I enter Jonathan Wentworth > Associates.
> As expected, the site appears at the top of the list. > When I click the URL link at the end of the entry it takes me to the > site.
> However, when I click on the "title" link at the top of the entry it > re-routs "people" through to a different URL in seconds and to the > trojan.exploit.131 Trojan. If they do not have the latest McAfee or > Norton it downloads the Trojan to their computer. McAfee and Norton > seems to clean it but our concern is for those who are not real savvy > or as committed to keeping their virus protection software up to date.
> I assume I have no control over this and it seems there is no real way > to contact anyone at Google to find out how to fix this problem.
When I do a google search for Jonathan Wentworth Associates the first result is:
Jonathan Wentworth Associates, LTD Welcome to Jonathan Wentworth Associates, a respected resource for world-class orchestral soloists, conductors, opera, chamber music, chamber orchestras, ... www.jwentworth.com/ - 19k - Cached - Similar pages - Note this
The: Jonathan Wentworth Associates, LTD is highlighted and is a link to the web site. If you place the mouse over the link, it shows http://www.jwentworth.com. However, if you click the link it immeately attempts to download the trojan. My McAfee immediatly blocked it.
> When I search Google for my website, I enter Jonathan Wentworth > Associates.
> As expected, the site appears at the top of the list. > When I click the URL link at the end of the entry it takes me to the > site.
> However, when I click on the "title" link at the top of the entry it > re-routs "people" through to a different URL in seconds and to the > trojan.exploit.131 Trojan. If they do not have the latest McAfee or > Norton it downloads the Trojan to their computer. McAfee and Norton > seems to clean it but our concern is for those who are not real savvy > or as committed to keeping their virus protection software up to date.
> I assume I have no control over this and it seems there is no real way > to contact anyone at Google to find out how to fix this problem.
> When I do a google search for Jonathan Wentworth Associates the first > result is:
> Jonathan Wentworth Associates, LTD Welcome to Jonathan Wentworth > Associates, a respected resource for world-class orchestral soloists, > conductors, opera, chamber music, chamber orchestras, ...www.jwentworth.com/- 19k - Cached - Similar pages - Note this
> The: Jonathan Wentworth Associates, LTD is highlighted and is a link > to the web site. If you place the mouse over the link, it showshttp://www.jwentworth.com. However, if you click the link it > immeately attempts to download the trojan. My McAfee immediatly > blocked it.
> Does that help?
> Thank you
> On Aug 21, 8:50 am, kwkcae wrote:
> > When I search Google for my website, I enter Jonathan Wentworth > > Associates.
> > As expected, the site appears at the top of the list. > > When I click the URL link at the end of the entry it takes me to the > > site.
> > However, when I click on the "title" link at the top of the entry it > > re-routs "people" through to a different URL in seconds and to the > > trojan.exploit.131 Trojan. If they do not have the latest McAfee or > > Norton it downloads the Trojan to their computer. McAfee and Norton > > seems to clean it but our concern is for those who are not real savvy > > or as committed to keeping their virus protection software up to date.
> > I assume I have no control over this and it seems there is no real way > > to contact anyone at Google to find out how to fix this problem.
To repeat what Dori wrote, do not follow or check the link to that URL.
It is possible that it depends on the user agent and it is malware when the user agent is a browser and not a bot.
You have to ask your web hosting provider to check this thoroughly and remove what corresponds now on the server to this URL and to check if there is other malware.
We will see what we can find. Just as info for you we downloaded the entire site to our computer and did a virus scann and found nothing in the pages or cgi-bin materials. We also checked the page completely for redirects tht could have been hidden and found nothing.
We are going to approach the web host about this.
Though we are still not sure where we are - Again thank you for all your help.
> To repeat what Dori wrote, > do not follow or check > the link to that URL.
> It is possible that it depends on the user agent > and it is malware when the user agent is a browser > and not a bot.
> You have to ask your web hosting provider > to check this thoroughly and remove what > corresponds now on the server to this URL > and to check if there is other malware.
The trojan isn't in your pages. When calling your domain, a process activates that redirects the user to an IP address which then;
1: puts up a fake McAffee Screen 2: attempts to auto install the trojan 3: has a message telling users to basically "click here" to start the download to protect themselves. The download is yet another virus.
It sounds to me like you are clueless on how these things work. You need to contact your hosting provider.
> We will see what we can find. > Just as info for you we downloaded the entire site to our computer and > did a virus scann and found nothing in the pages or cgi-bin > materials. We also checked the page completely for redirects tht > could have been hidden and found nothing.
> We are going to approach the web host about this.
> Though we are still not sure where we are - Again thank you for all > your help.
> kwkcae
> On Aug 21, 2:38 pm, cristina wrote:
> > To repeat what Dori wrote, > > do not follow or check > > the link to that URL.
> > It is possible that it depends on the user agent > > and it is malware when the user agent is a browser > > and not a bot.
> > You have to ask your web hosting provider > > to check this thoroughly and remove what > > corresponds now on the server to this URL > > and to check if there is other malware.- Hide quoted text -
