Malware indexed 260,000 bad URLs in Google! How can I force Google to de-index them?

The website www.example.es had a malware attack a few months ago. This malware managed to get thousands of fake URLs indexed in Google. Typing “site: nolter.es” in Google, 260,000 results appear, all of them with Chinese, Japanese characters, …

Two weeks ago I removed the website completely and installed a temporary clean website (while we develop a new website). With Google Search Console I indexed the new home, created the new “sitemap” (http://www.example.es/sitemap.xml) and robots.txt.

However, today 260,000 false URLs continue to appear indexed in Google.
How can I remove all those URLs from Google's index?

malware – Is it possible to achieve persistence in Windows through using WinLogon without touching userinit, notify, or shell keys?

I am interested in finding out if it is possible to achieve persistence through Winlogon without using one of those 3 mentioned keys. I am trying to determine if it’s safe to ignore registry key entries made into the Winlogon parent directory. I’ve never seen an instance of malware achieving persistence through Winlogon without using any of those keys. Does anyone know of any techniques?

malware – My HP Envy (laptop) crashes

On my laptop, Windows crashes a lot. I’ve reset and reinstalled Windows, but the problem is persistent. First the Windows 10 blue screen appears and then the PC restarts to a screen (screenshot linked). I think it’s malware that has already found its way into the BIOS. And it boots just after multiple tries.

Any suggestions for the problem?

The Screenshot

security – As the Bitcoin price skyrockets, how to avoid getting malware through freeware/FOSS software’s updates?

We have a situation now where the vast majority of software I have installed on my computer (Windows 10, since there are no other supported versions of Windows) are either aging one-man freeware applications which haven’t changed almost at all for the last 20 years, or open source projects of typically similar stagnation. I can sense the frustration from both of these groups, many of which have entirely abandoned/dropped their projects. Countless are in a seemingly perpetual state of very slowly dying, and all too many are what can best be described as “undead”.

As these probably honest idealists watch the years go by with essentially no donations coming in, nobody buying their commercial licenses/support, and big companies just stealing their work without giving any credit and with no regard to the license, then make tons of money from it, and especially now with the Bitcoin price ever increasing to crazy new heights, I can very much imagine that even the most good-hearted but struggling, disillusioned freeware/FOSS developer at the very least has the recurring thought:

Ah! Screw this! Eight million unassigned/unresolved bugs, zero donations for the last 15 years, not one license purchased by any company ever, nothing but demands and rude users… and XYZ has just used my software to make a fortune… I’ve had it! I’m going to push a piece of malware in the next update so that all those bastards will get all their wallet.dat files uploaded to me, of course using proxies! Hah! I estimate that at least a few of them will own Bitcoin and have Bitcoin Core running. And those who don’t won’t ever notice anything anyway! Bwahahahaha! Within a few weeks, I’ll be relaxing on my own tropical island, drinking colorful drinks at the beach! No more slaving away at this keyboard for nothing! You’ll see! Just you wait… rubs hands with a twisted facial expression

You may say that they have a reputation to uphold and people who do this tend to be very honest and would never seriously get tempted to steal. Sure. But it’s still very possible. The more the price goes up, the more scared I become to just see “0.00” balance in Bitcoin Core the next time I look at it. Let’s face it: there is zero security in practice. I’m trusting complete strangers every second my PC is powered on to not steal from me. There is no possible reasonable way for me or anyone else to possibly somehow “go through” others’ programs, if they even provide source at all, and then locally compile everything. It just isn’t reality, even for the most hardcore geeks.

They could even have planted the malware long ago, but are actively waiting until the day Bitcoin is worth over X amount to go through with this. Perhaps they already have detected how many of their users have Bitcoin wallets on their machines, and how much they contain. They can precisely calculate the risk in advance and decide that it’s finally worth it to go through with it. And if ever confronted, they can just give the same excuse that all these companies always do when they leak customer data: it was “a bug/technical glitch/we got hacked/we take your privacy very seriously blablabla…” It’s not like the “gone evil” developer who does this is going to be standing with a black cape, twirling his moustache while mocking his victim with clever one-liners. He would just be gone, just like our coins. They would deny any involvement, even if it’s known exactly who runs the software project or is primarily responsible. (Which is not always the case.)

Even Microsoft themselves (or told by the government) could decide to just have me pay a little “Bitcoin tax” with their next Windows update. And then claim that it was a bug, or that I’m lying. Have you ever tried to get in touch with anyone at Microsoft who isn’t a robot, and who actually understands a single word of English? It’s impossible, even for a developer. Nobody would ever hear me complain, and even less would believe me.

Here are the problems I have with all predicted solutions:

  • “Use a dedicated computer (maybe Raspberry Pi) running Linux just for Bitcoin Core stuff.” — Very impractical. I don’t have the physical space, plus it would be a horrible pain to actually make any transactions/use it. They also make it impossible in practice to encrypt Linux running on a RPI. (Long story…)
  • “Use a hardware wallet.” — Costs money to buy, difficult to get home, are not as secure as one would think, also very impractical (though less so), and most of all: it is basically hard proof to the authorities (and burglars) that you own Bitcoin. Plus the recent leak of home addresses and other personal data of tons of customers of Ledger makes it impossible for me to ever trust that company…
  • “Print them onto paper and keep the papers in a fireproof safe.” — Again a massive problem with authorities, and once seized, there is zero security since the private keys are right there on the paper. Or if the fireproof safe isn’t as fireproof as expected…
  • “Let a third party store your coins for you! Trust the cloud! Web 3.0! Just log in with your Google account!” — This one doesn’t even deserve a comment…
  • “Use anti-virus and keep your software and OS patched blabla…” — The issue is not trusting those… both in the sense that they might be malicious themselves, or through incompetence allow others to break in to my system via their broken software.
  • “Use an app in your phone.” — Please… don’t…
  • “Use Qubes OS.” — Well, I tried, but it doesn’t even install on my hardware. My experience with that OS is that it’s very frustrating to use, when it does run. Perfect in theory, though. I wish something like that “really” existed, and ran on secure hardware.
  • “Just be careful.” — This is nonsensical advice. There is no possible way to know or prevent if any given EXE is going to do something bad when it’s running unhindered on my host OS. “Being careful” means nothing if, at the end of the day, you are still required to execute a program on your machine which is not completely sandboxed. And sandboxing is apparently the most difficult problem ever to exist, since nobody ever manages to do it properly…
  • “Use a VM!” — Well, I do, for some things which I really don’t trust on my main OS. However, this is extremely cumbersome and tiresome, and I can’t run everything in a VM. I simply have to trust several entities on my host OS which may at any moment decide to “go rogue”. Unless there is something which I haven’t heard of which solves everything neatly and perfectly…

What to do? If I feel this scared at $40k USD Bitcoin, what kind of nervous wreck will I be when it reaches $1,000,000 per Bitcoin?

I just don’t see any solution. I’ve thought extremely long and hard about this and tried so many things, both in reality and inside my head, and none of them work out. I know they are either not secure or so cumbersome that life becomes a massive chore. There’s also the problem of having very little physical space and basically only one computer.

html – How can I find and remove WordPress malware resulting in URLs with this styling: / top:0; left:-9999px

Alright, I managed to solve it.

I know that “one size fits all” is not the case with malware. I asked for extra thoughts as someone might have a hint how to approach it as I’m well informed and capable of dealing with these situations through the years.

After numerous failed attempts to search for various strings, trying to encode a few words in hex and search for those, searching through plugins, etc., I inspected the cached .html file and noticed that these links were hidden under the WooCommerce delivery-info div.

I then searched for the delivery-info string through all the WP files and I got around 50 hits. I found a suspicious line that one of the developers added, which was calling the delivery-info div together with the $content string.

I then searched for the $content string through all the plugins, with numerous hits. After searching for a while I finally found the script that was causing it. It was hidden in WPBakery – js-composer/include/inc.php, a file which should not have existed. One of the lines from the file:

$abc1 = '' . $divclass . '<a href="'.sanitize_context_zero("aHR0cHM6Ly93d3cudGhld3BjbHViLm5ldA==").'">' . $array(array_rand($array) ) . '</a></div>';

I deleted that file & then searched inc.php with a hit in js-composer.php calling for it.
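
The quoted line shows why plain-text searches for the domain found nothing: the URL is stored base64-encoded. As an added example (not part of the original post or of any plugin's code), this Python scanner decodes quoted base64 literals in PHP sources and reports those that hide a URL or a search term; the function names and the file-suffix list are assumptions.

```python
import base64
import re
from pathlib import Path

# Quoted string literals made only of base64 characters (16+ of them).
B64_LITERAL = re.compile(r"""(["'])([A-Za-z0-9+/]{16,}={0,2})\1""")
URL_PREFIX = re.compile(r"(?:https?:)?//", re.I)

def decode_candidate(token):
    """Return the decoded text if token is base64 of printable ASCII, else None."""
    if len(token) % 4:
        return None
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:   # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None

def scan_source(source, needles=()):
    """Yield (line_no, decoded) for base64 literals that hide a URL or a needle."""
    for line_no, line in enumerate(source.splitlines(), 1):
        for match in B64_LITERAL.finditer(line):
            decoded = decode_candidate(match.group(2))
            if decoded is None:
                continue
            lowered = decoded.lower()
            if URL_PREFIX.match(decoded) or any(n.lower() in lowered for n in needles):
                yield line_no, decoded

def scan_tree(root, needles=(), suffixes=(".php", ".inc", ".phtml")):
    """Scan PHP-like files under root; returns [(path, line_no, decoded)]."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits += [(str(path), n, d) for n, d in scan_source(text, needles)]
    return hits

# The line quoted in the post above, embedded as sample input.
SAMPLE = r'''$abc1 = '' . $divclass . '<a href="'.sanitize_context_zero("aHR0cHM6Ly93d3cudGhld3BjbHViLm5ldA==").'">' . $array(array_rand($array) ) . '</a></div>';'''

if __name__ == "__main__":
    for line_no, decoded in scan_source(SAMPLE, needles=("thewpclub",)):
        print(line_no, decoded)
```

Run `scan_tree` against `wp-content` and compare any hit's file path with a clean copy of the plugin or theme it sits in.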

malware – How to sanitize the Capitol after the physical breach?

On January 6, 2021, we saw a number of people storming the Capitol in Washington D.C.

As they were inside for 1.5 hours with no supervision, and as there was no prior checking of who they were, it is possible that some of them could have come with an intention to organize an attack on the digital infrastructure of the building: planting mics or cameras, installing malware on the unlocked PCs (or even locked, as they were physically in their hands), reflashing firmware, and so on.

What is the right sequence of actions (especially given the potential state actor threat — this is not just a private house, this is the home of the U.S. Congress and government) to restore trust in the infrastructure of the Capitol?

html – WordPress malware / top:0; left:-9999px URLs

I’m breaking my head for 2 days with this one, and would appreciate some extra thoughts.

These links are found in wp-content/cache/wp-rocket .html files only, while they are not present on the actual real-time pages.

I have tried searching in all files various strings: -9999, thewpclub, sorry_function. I searched through the database, but could not find anything at all.

WordFence & Sucuri are not finding any weird script within the files.

This was the closest problem someone had:

https://stackoverflow.com/questions/42901355/malicious-text-appears-in-all-pages-and-posts-how-do-i-get-rid-of-it

<a href="https://www.thewpclub.net">Premium WordPress Themes Download</a></div><div style="position:absolute; top:0; left:-9999px;"><a href="https://www.themeslide.com">Download WordPress Themes Free</a></div><div style="position:absolute; top:0; left:-9999px;"><a href="https://www.script-stack.com">Download WordPress Themes</a></div><div style="position:absolute; top:0; left:-9999px;"><a href="https://www.thememazing.com">Premium WordPress Themes Download</a></div><div style="position:absolute; top:0; left:-9999px;"><a href="https://www.onlinefreecourse.net">free download udemy paid course</a></div><div style="position:absolute; top:0; left:-9999px;"><a href="https://www.frendx.com/firmware/">download xiomi firmware</a></div><div style="position:absolute; top:0; left:-9999px;"><a href="https://www.themebanks.com">Download WordPress Themes Free</a></div><div style="position:absolute; top:0; left:-9999px;"><a href="https://downloadtutorials.net">udemy free download</a></div></div></div></div>
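
One way to find cached pages carrying this kind of block, as an added example that is not part of the original post: parse each cached .html file and report links nested inside an element whose inline style pushes it off-screen. The sample markup and its .example hosts are constructed, and the function names are assumptions.

```python
import re
from html.parser import HTMLParser
from pathlib import Path

# Inline style that pushes an element far off-screen, e.g. "left:-9999px".
OFFSCREEN = re.compile(r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)

class HiddenLinkFinder(HTMLParser):
    """Collect hrefs of <a> tags that sit inside an off-screen styled element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []    # (tag, styled_offscreen) for each open element
        self.hidden = []   # hrefs found in off-screen content

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        offscreen = bool(OFFSCREEN.search(attrs.get("style") or ""))
        inside = offscreen or any(flag for _, flag in self.stack)
        if tag == "a" and inside and attrs.get("href"):
            self.hidden.append(attrs["href"])
        self.stack.append((tag, offscreen))

    def handle_endtag(self, tag):
        names = [name for name, _ in self.stack]
        if tag in names:   # stray closers (as in a page fragment) are ignored
            del self.stack[len(names) - 1 - names[::-1].index(tag):]

def hidden_links(html):
    """Return hrefs hidden off-screen in one HTML document or fragment."""
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden

def scan_cache(root):
    """Map each cached .html file under root to the hidden hrefs it contains."""
    report = {}
    for path in Path(root).rglob("*.html"):
        links = hidden_links(path.read_text(encoding="utf-8", errors="replace"))
        if links:
            report[str(path)] = links
    return report

# Constructed sample shaped like the fragment in the post (unbalanced </div>s).
SAMPLE = ('<div class="delivery-info"><a href="https://shop.example/returns">Returns</a>'
          '<div style="position:absolute; top:0; left:-9999px;">'
          '<a href="https://spam-one.example">Premium Themes</a></div>'
          '<div style="position:absolute; top:0; left:-9999px;">'
          '<a href="https://spam-two.example/firmware/">firmware</a></div></div></div></div>')
```

Because the links exist only in cached output, a hit from `scan_cache` identifies which pages to purge and re-render after the injecting code is removed; it does not locate that code.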

malware – Is it safe to enable a guest’s firewall on a virtual machine?

On my host machine, I have the firewall on, of course, but while using my virtual machine (guest) should I enable the OS’s firewall on that too?

Or would that be unsafe if I got malware?

I saw somewhere that if I got malware, the firewall being on would help the attacker get into my network.

malware – Is it safe to view a file on Google Drive?

Let’s unpack this:

“… Can I safely view these types of files on a google drive (without downloading them)…”

When you view or edit a remote file, you are downloading it. You can see it only because it’s on your computer. Depending on circumstances it may only be in memory, it may be written to a temp file, it may be in chunks if the file is exceptionally large, but it’s on your computer.

“… images, mp4s, word, PowerPoints and pdf documents … nothing executable and no programs …”

Images like JPGs or videos like MP4s are not going to carry executable malware outside of torturous logic involving steg and third party executable malware. There have been some extremely rare exploits against graphic driver flaws in the past but the odds of encountering that are just about zero.

However, there are a number of file types that are executable that might not seem like it and can carry malware. The old Windows “.wmf” graphic file contains an executable capability. So too might all Windows Office files like PowerPoint. Adobe PDF, while really convenient, has a very long history of many and continuing security issues with dangerous executable capabilities; that’s why there’s concerted effort industry wide to stop using PDF.

“…Can I safely view these types of files … from an uninfected laptop or is best to use a Chromebook?”

I’m guessing you are referring to using a different operating system than Windows, under the assumption of Windows-only malware? Using a different operating system will help provide a buffer, but cross-platform malware is not unusual in scriptable mechanisms such as MS Office and PDFs.

How likely it is that you may encounter these types of malware, I can’t say. The safest way to handle it is to use a non-persistent OS that can’t be infected past a power cycle. (Yes, there are extremes of BIOS/GraphicCard/etc. modifications but it’s not a significant concern.)
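
A triage check for the document types the answer singles out, as an added example that is not part of the original answer: it inspects a file's bytes for macro storage in Office files and for script or auto-action keys in PDFs. The indicator labels and function name are assumptions, and an empty result only means none of these markers were found.

```python
import io
import re
import zipfile

# PDF dictionary keys associated with scripts, auto-run actions and attachments.
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls/.ppt container

def active_content(data):
    """Return a sorted list of active-content indicators found in a file's bytes."""
    found = set()
    if data.startswith(b"%PDF-"):
        for key in PDF_ACTIVE:
            # A PDF name ends at a delimiter, so /JS must not match /JSFoo.
            # Names hidden by hex escapes or compressed streams are not seen here.
            if re.search(re.escape(key) + rb"(?![A-Za-z0-9])", data):
                found.add("pdf:" + key.decode())
    elif data.startswith(b"PK\x03\x04"):         # OOXML (.docx/.pptx/.xlsx) is a ZIP
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = [n.lower() for n in archive.namelist()]
        except zipfile.BadZipFile:
            return ["zip:unreadable"]
        if any(n.endswith("vbaproject.bin") for n in names):
            found.add("ooxml:vba-macros")
        if any("/embeddings/" in n or "/activex/" in n for n in names):
            found.add("ooxml:embedded-object")
    elif data.startswith(OLE_MAGIC):
        # Legacy Office formats can hold macros; parsing them needs an OLE reader.
        found.add("ole:legacy-office-container")
    return sorted(found)
```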