(The discussion of Google policies is not within the scope of
the HTML and Browsers forum, so I'm moving it to Google News.)

I'm sure Google would not want their search results to be responsible for spreading a trojan if they could prevent it - Google itself has recently been the target of several worm-generated denial of service attempts. So this is not an impossibility at all.

If the two iframes were the only damage done on your site, then Googlebot would not be getting the code for the worm from its request for your page from your server. It would only see the worm (if at all) when it followed the url in the src attribute.

Still, Google could make that connection if it detected the worm, had the record of the source url on your site. So they might close off your site as a kind of protection.

That's just conjecture, you understand. All kinds of glitches on Google's back end can knock your pages out of the Google SERPs for a period, only to have them reappear a few days or weeks later. You may never fully know what happened, and it doesn't have to be because of anything on your site.

I'd say the best thing to do is what you are doing: clean up the ship and then perhaps get a few new inbound links, just so there's a fresh trail for Googlebot.

Look at your old server logs for traffic-producing keywords and check those searches - and don't sweat shifts in the Toolbar PR too much. And of course, watch the new logs for signs of Googlebot continuing to visit. That would be a hopeful sign, especially as you clean up the site and get rid of any damage left behind by the trojan.

Kaled.

1) Move Host to get new IP and better security.
2) Clean it up thoroughly.
3) Email Google with full details including action you have taken.
4) Wait with fingers crossed.