[WeWatch]

The maislex.net type of website infection is an off-shoot of the martuz/gumblar infections. It's usually the result of a virus/trojan on one of the PCs used to update the website.

What it does is scans your PC looking for any stored username and passwords. If it finds them in FTP software, it sends them and the IP of the website(s) to a server. That server then connects to the website, with the stolen FTP credentials, injects it's infectious code and then starts checking it to see if you've removed their code. If you have, then it tries to re-inject it.

Steps you should take:

1. Scan all PCs with a new anti-virus program. Whatever you're using now isn't good enough because this virus already knows how to hide from it. If you're using AVG, try Avast or Avira. If you're using McAfee, use AVG. You need to use a different AV program than what you were using when you became infected.

2. After scanning and cleaning all PCs that connect via FTP to your website, change the FTP password to your site. Change all of them if you have more than one username.

3. Download your site, scan every file for malicious code. Anything that you didn't put there should be removed because the cybercriminals are very good at obfuscating their malware. If you need help finding all the malicious scripts in your site, post the name of your site here and we'll help you.

4. Re-upload your site.

5. Login to Google webmasters tools and request a review of your site. If it's clean, Google will then remove that warning. You may have to verify your site with Google before you can request a review. Follow their steps and you'll be fine.

Post back here with your results or questions so that others may learn from your experience.