Case Study: Fixing Google Ads Malicious or unwanted software Issue

Apr 30, 2020 | Case Study, Errors and Troubleshooting, Wordpress Security

Google Ads stating Malicious or unwanted software issues could be really troublesome. We have dealt with it in the past and we have to deal with Google Ads Malicious or Unwanted software issue every now and then.

This week while at work, one of our clients reported that they are having issues while running their Google Ads. Google Ads kept disapproving the Ads for the client’s website and kept showing the same message over and over that Google Ads detected malicious or unwanted software. We put our best hands on deck to find the issue and resolve it once and for all.

How to Fix Google Ads Malicious or Unwanted Software Issue


So getting to resolve the issue we narrowed down our approach at the following steps:

  1. Determine whats the message being shown in the Google Ads to be precise.
  2. Scan the website on different platforms to find if it has malware in it.
  3. Manually view the source code of the page for which you are trying to run ads.
  4. Start exploring the sitemap and find if there are pages or posts with the malicious content on the site.
  5. Fix or remove the content and recheck the website once more.
  6. Generate a new sitemap and then submit it again to see if it takes effect.
  7. Resubmit your landing page for Indexing in Google Webmaster.
  8. Force clear Sucuri site cache so that it may show no previous traces of scans.

1. Determining the Message in Google Ads Console:

There can be many kinds of messages in the Google Ads console but the message we checked was clear enough and stating that:

Malicious or unwanted software detected

From this instance it is clear that either the site is hacked or deep down somewhere malware is hidden and it is activating itself every now and then which is not visible to the human eye but the Google’s smart bots can detect it and they will never allow any kind of misleading activity to happen. Below you can see the exact message:

It is evident that the issue is related to malware. We need to find the malware and we have to remove it so that we may resolve the Google ads malicious or unwanted software issue.

2. Scan the website for the malware issue:

There are a couple of online tools available that scan the website for you to report you about the malware. One of the most popular we use all the time is Sucuri Site Scanner. This tool is developed by the leading malware detection giant, Sucuri. Its best among all we have used and it provides the results instantly without having you wait for a couple of days or minutes. We scanned our website and found that it had some malicious code in it. Here’s a screenshot how it looks like:

Now you can run your anti-malware plugin in the WordPress which may help you locate the issue or you can utilize professional malware removal service to help you out. Sometimes Sucuri won’t identify the issue so your only guess would be to hire someone expert who may understand the malware issue and help you out.

3. Manually review the page source code:

Another option to view the malware issue is to find out which links are going outside of your website which you may don’t have added in your website yourself. It involves a bit advanced step as you will have to go through each line of your website’s source code in the browser. For instance, Sucuri reported that there is a link which “want create site?”. We need to find out where exactly on the page it is inserted so that we may remove it from the location it is found. You need to right-click in the website and then select the option “View Page Source”, once its opened you can press “CTRL + F” and it will open a search box. You can type the string in it and it will take you to the exact string. Have a look at the screenshot below:

We have located the string which is not at all related to our website and it is also hidden with the CSS in it. So we need to remove it so that it may not be marked by Google Ads as Malicious or unwanted software.


4. Explore the sitemap of the website:

Another option to determine the content which is looking malicious to the Google Ads could be found by going to Google Search and then looking out your website by following search query:

Notice here we have appended “site” before our website URL followed by a colon. It will just bring up all the pages which are indexed in Google search engine and we will have an idea how and where are the things going wrong. For instance, we searched our website in google search and found all these results:

If you may notice the Meta Description, it is clear that this is malicious content. Our website language is English, but this text is in some other language which we never put on the website. So we need to go into each and every content type listed by the opening page and then looking for its setting in the backend to resolve the issue. It is one of the clear causes of Google Ads malicious or unwanted software issues.

5. Fix or Remove the content found

Now we have found the content which is looking malicious, we just need to go into the website and fix it so that it may cause no more trouble to the site. Once you have fixed the content, it won’t appear immediately in the search engine as it needs some time to get re-indexed. It is not necessary that content may always look like the one shown in the above step. It could be another thing as well, such as an illegal character string or perhaps some advertisement. But it is clear that there must be some of the things which need to be taken care of if you want to avoid messing with Google Ads malicious or unwanted software issue.

If you are not sure that you can do it yourself, We would advise you to hire an industry professional to remove malware from your website. Also, you may also need to remove all the dummy data or leftover data from your website so any of the orphan data may not appear in the Google search. It is also considered as malicious data. Dummy data might be there in the form of development needs. Your developer might have forgotten to delete it once he/they delivered the website to you. It is highly important to take care of such things before going live or before creating a campaign for Google Ads.

6. Generate new sitemap

Now as you have fixed the content, you must Re-generate the Sitemap and submit it into the Google Webmaster console. It is really really important to do that. You need to inform the search engine that you have made the changes to the site and you have removed the content which is not at all required on the website. It is simple to do. You can install any sitemap plugin and then visit the URL in the following format:

If your website’s sitemap is generated successfully, it will appear at the URL. But make sure to amend “” with your website’s URL.

Visit the Google Webmaster console and then submit the Sitemap using the “Sitemap” menu from the left-hand sidebar.

7. Resubmit the landing page for indexing:

It is important that we must re-submit the landing page which we created for our ad campaign to get re-indexed as it will tell the search engine that there is no more malicious content and we have changed the data and links in it which will help to clear the issue of Google Ads malicious or unwanted software issue. It is also done from the Google Webmaster tools -> URL Inspection Page. Once you are there, just enter your URL and it will crawl the page and it will present you with a button to submit for Indexing.

8. Enforce clear Sucuri site cache:

Once you have made sure that you have cleaned the website thoroughly, you need to visit the Sucuri site scanner page and then you can find a button at the bottom of the page to “Force Rescan

It will help you to clear cache and also help you get your ads back and running up.

Final Word

Issues and errors are fixable if you know what to do. We hope this article helps you fix Google Ads Malicious or unwanted software Issues. Follow the above-mentioned steps and you will be able to fix the Google Ads issue. After that take precautionary measures to harden the security of your website.