Did your Google ads disapprove due to malicious or unwanted software?
If you are here as your ads got disapproved due to malicious or unwanted software. This obstacle is far from normal when launching a campaign, especially when Google’s disapproval message is unclear. In this article we will guide you in the right direction so you can launch your Google campaign and ad as soon as possible.
Google follows certain ads policies and deviation from these policies will result Google ads disapproval or account suspension. Sometimes you followed all the Google policies but still your ads or account got banned due to violation of some Google hidden policies.
When Google reject your ads due to malicious or unwanted software, you did not anything wrong but Google scanning tools detect something malicious on your website.
Do you know what is malicious or unwanted software?
Google consider the following as malicious or unwanted software: –
Ransomware, computer viruses, worms, trojan horses, rootkits, keyloggers, dialers, spyware, rogue security software, and various unsecured programs or apps.
Software or applications which are missed to be transparent about the functionality that the software offers or the full implications of installing the software; failed to include Terms of Service or an End User License Agreement; packaging software or applications without the user’s acknowledge; making system changes without the user’s consent; making it difficult for website owner to disable or uninstall the software; failing to correctly use publicly available Google APIs when interacting with Google services or products.
An executable file or application that employ in behavior that is ambiguous, unexpected, or that negatively affects the user’s browsing or computing experience. For examples software that shifts your homepage or other browser settings to ones you don’t want, or apps that leak private and personal information without proper disclosure.
WordPress outdated plugins are also considered as malicious software by Google. If you have WordPress website the chance is higher to get your ad disapproved due to malicious or unwanted software.
Google consider redirects to the domain or landing page URL as malicious.
Custom scripts added to the domain or landing page refer to external content considered malicious by Google.
If you’ve included automatic downloads on the landing page. It will be considered malicious. Google says, “The download of the software should only start when the user wishes to download by clicking on a clearly labelled download button.”
If you have included form fields that invite the visitor to submit sensitive information. It will be also considered as malicious. In Google, “The software must not store sensitive information such as bank details without appropriate encryption.”
Fake representation of expected content, for example: “An ad that contains only the words “Download” or “Play” without describing the software for which it is advertising. A “Play” button that directs to a download.
An ad that imitate the display of the publisher’s website and claims to offer content (for example, a movie) but instead leads to independent software.
If you have multiple Google AdWords account for the same business, Google consider it as malicious.
If your website get hacked, will be considered as malicious by Google.
Now there may be two cases:
- You have created your Google ad campaign for the first time and got the ad disapproved due to malicious or unwanted software.
- You have created your Google ad campaign and it was running smoothly but suddenly your ad got disapproved due to malicious or unwanted software.
In both the cases changing ads or adding new ad copy will not help until you resolve the issue from the root.
In our opinion the first case is more complex than the second case, as here you don’t know where the problem is? so it may take time to understand the problem and find the root cause of the disapproval. Here in first case you have to investigate in 360 degree. However, in second case you may guess that you did something wrong in past 2-3 day which leads your ads to disapproval and fix it to undo the changes you did 2-3 days before the disapproval.
How to find malicious or unwanted software across your website?
Check the status of your website in Google Search Console. If you found the issues via search console, please fix it and If Search Console doesn’t report any problems, your site could still have security issues that were detected by Google AdWords. Consult with your webmaster or web hosting provider and use some scanning tools such as StopBadware to find the malicious or unwanted software on your website.
If you still not found the malicious or unwanted software, please contact Google support and ask them to provide some infected links from your website that you can fix it from your end.
Google generally mailed you infected links which are external links, images and infected scripts. Which you will not able to find across your website as these links are in the encrypted form, so ask your webmaster or hosting provider to delete or clean these links from your website. Most common infected links which google will provide are
Try to find the above-mentioned links across your website and remove it if found.
Scan your site with different tools to find the infected file, script, content or links. If you have site built in WordPress then you can also scan your site with different plugins.
How to delete or clean malicious links or content from your website?
Before fixing the infected website, you need to have a backup of your website and to find the infected file or links on your website do a scan via different plugins.
Try to recall whether you and your webmaster made any changes on the website, day before ads disapproval.
Now, try to restore all your website files and database on 2-3 days prior to your ads got disapproved. This will undo any changes you and your webmaster made on your website after the restore date.
Update all plugins and theme to latest reversion. Please make sure that you are not using any theme, plugin, and code with any known susceptibility.
Ask your web developer or designer to manually scan all website files and database for any encrypted code and fix before asking for another review.
Try to delete any suspicious base64_decode, eval, referrer, decoded payload etc.
After doing any change and fixing the code, clear the cache on server and any cache on the website to make sure that code is not catch by any scanning tool again.
How to make your ad approved which was disapproved due to malicious or unwanted software?
After fixing the code wait for 10-12 hours and rescan the website to check if code is not generated again. If you are sure that you cleaned the malicious code completely, then only ask Google for another review or you may do some minor changes in your ads for Google reviews.
Google generally takes 1 business day to review the Google ads but it may take more in case of complex review.