How to Fix Google Ads Disapproved Due to Malicious or Unwanted Software?

Reliqus Marketing

26 March 2024

By Priti Gupta
Marketing Director

Google Ads is a powerful tool for businesses to reach their target audience and drive traffic to their website. However, sometimes, ads can get disapproved due to malicious or unwanted software, which can frustrate advertisers. Not only does this hinder their advertising efforts, but it also risks their brand reputation. 

If you’ve faced this issue, you’re not alone. Many businesses run into this problem and must find a way to fix it quickly. 

In this blog post, we’ll guide you through fixing Google Ads disapprovals caused by these pesky issues. We’ll provide step-by-step instructions on how to identify and remove any malicious or unwanted software from your website and tips on how to prevent future disapprovals. 

So, if you’re tired of seeing your ads get rejected, keep reading for the ultimate guide to resolving this common issue.

Preventing Abuse of the Google Ad Network

About 99% of sites use Google Ads to generate revenue and attract traffic. However, a website hack can severely affect revenue and organic search rankings. Malicious or unwanted software damages a site’s credibility and impacts its ability to run ads on Google and other advertising platforms. 

Therefore, maintaining trustworthy and relevant Google Ads and website content is paramount. If Google detects malware on a website, it will disapprove the associated ads and may suspend the account. 

Google Ads operates under strict policies, and any deviation results in policy violations and disapproved ads. When Google identifies an ad abusing the network, the ad will be suspended until the issue is resolved. 

If your ad was disapproved due to malware or a compromised website, it’s crucial to clean it up before appealing for approval again.


What is Malicious Software?

According to Google, Malicious software, also known as malware, is designed to harm or gain unauthorized access to computers, devices, or networks. It can install programs without user consent and may carry harmful viruses. 

Webmasters may unknowingly host malware in downloadable files on their sites. Google employs an automated process to detect malware, using data from various sources such as content, geographic areas, and web technologies.

There are several types of malicious software that can lead to ad account suspension, including:

  • Adware: Delivers unwanted advertisements and can monitor browsing data. 
  • Spyware: Secretly observes the user’s actions without their consent. 
  • Keyloggers: Records every keystroke made on the device to capture sensitive information. 
  • Trojan: Disguises itself as a legitimate program to deliver malware. 
  • Ransomware: Encrypts user’s data and demands ransom for its release. 
  • Mobile Malware: Specifically targets mobile devices to steal sensitive information or cause harm. 
  • Rootkits: Grants administrator-level control over the victim’s system to the hacker. 
  • Worms: Replicates itself to spread to other computers via a network. 
  • Fileless Malware: Resides in the device’s memory and does not write itself to the hard drive. 
  • Malicious Redirects: Redirects visitors from legitimate sites to malicious ones. 

For an in-depth understanding of each type, refer to Google’s Search documentation on malicious content and malware. Google’s methodology for malware detection is discussed in its Transparency report.

What is Unwanted Software?

Unwanted software, while distinct from malware, can similarly disrupt a user’s online experience. According to Google, unwanted software is any program that employs deceptive or unexpected behaviors or compromises the user’s browsing experience. 

Some attributes of unwanted software may include software that:

  1. This software embeds itself deeply into your system, making it challenging to uninstall.
  2. It contains dark patterns/deceptive design patterns that are manipulative tactics used to trick users into performing actions they may not intend to.
  3. The software may not clearly inform the user about all its functions and behaviors.
  4. The software may degrade system performance, consume significant resources, or alter user settings without permission.
  5. Unwanted software is often bundled with other software installations without transparent disclosure.
  6. The software may collect and transmit sensitive user data without explicit consent or disclosure.

You can refer to Google’s official Unwanted Software Policy for a more comprehensive understanding of unwanted software, including examples. By familiarizing yourself with the nuances of unwanted software, you can better safeguard your website and advertisements from inadvertently falling foul of Google’s stringent policies.

Why are my Google Ads Disapproved?

Google Ads could face disapproval due to several factors, most notably if there is any detection of malicious software or undesirable applications on your website or landing pages. In such cases, your ads would immediately face suspension.

– Ads face disapproval for malicious software or undesirable applications on websites/landing pages.

– Immediate suspension for detected security issues.

– Offering bundled software requires explicit user consent; failure results in a ban.

– Zero tolerance for redirection to malicious content or unsolicited automatic downloads.

– Advertisements mimicking a publisher’s website for software downloads or containing malware-infested images are flagged.

– Google Ads policy mandates user consent before altering browser settings, permission levels, or operating systems.

How to Fix Malicious or Unwanted Software Warnings?

To address malicious or unwanted software warnings for your website, follow these steps:

  1. Check for Recent Website Changes: 

Start by scanning your website for modifications to your core CMS, source code, plugins, themes, or files. Do this specifically for changes made around the time your ads were disapproved. 

  1. Check Google Search Console for Blocklisting: 

Take advantage of Google Search Console, a free tool from Google, to help manage your website’s performance. It provides insights into how Google views your website and whether it has been blocklisted due to security issues.

  1. Scan Website for Malware: 

It’s also essential to thoroughly scan your website for any malware or suspicious files. Tools like Wordfence or Sucuri can help identify these threats and keep your site safe.

However, these can be costly. A cost-effective alternative is to use Reliqus’s consulting malware removal services, which are tailored to fix these issues. 

  1. Repair Infected Files: 

Once malware is detected, either remove or clean the infected files. You must execute a thorough cleanup to remove any malevolent behaviors or software. Bringing your site back to a clean state is crucial. 

  1. Prevent Reinfection and Harden Site: 

Reinfection is common in malware attacks, so ensure you take steps to harden your website. This may include strengthening passwords, updating all software, and limiting login attempts.

  1. Optional: Contact Google Ads Support for further assistance.

Remember, you don’t have to go through this process alone. The Google Ads Support team can assist if needed, so don’t hesitate to reach out for additional information or guidance.

Contacting Google and Addressing a Suspended Ads Account

A suspended Google Ads account could indicate a malware infection. For help, turn to the Google Ads Help Center or contact the Google Ads team. If you believe the suspension was erroneous or you’ve rectified the malware issue, consider submitting an appeal. This can be done through the “Contact Us” link in your Google Ads account. 

You can contact Google Ads support with either of the following steps:

  1. You can reach them by clicking on the ‘Help’ button from the top nav and selecting the ‘Contact us’ button at the bottom of the menu.
  2. Call their toll-free number on the official Google Ads Contact page. This step can help get further guidance on addressing the suspension issue promptly.


Reach out to a Google support representative, assuring them of your business legitimacy and commitment to adhering to the Ads policy. Communicate the violations your ad incurred and the steps you’ve taken to resolve them. 

Be thorough in providing details to facilitate swift resolution. While it might take a few days for Google to address the issue, remain patient. Do not repost your ads until the issue has been fully resolved.

How to Fix Disapproved Ads Due to Malicious or Unwanted Software?

To fix disapproved Google Ads due to malicious or unwanted software, start by addressing the issues on your website. If your account isn’t wholly suspended, follow these steps diligently to get your disapproved ads back on track.

  • Begin by opening Google Ads.
  • On top of the navigation menu, click on Notifications.
  • Look for the Ads Disapproved notice and click Fix it.


  • You can find the suspension reason in the Status column adjacent to the ad. 
  • Hovering over the Disapproved status will show a link explaining the policy that was violated.
  • To select the disapproved ad, use the checkbox next to it. 
  • Click on the Edit button and choose the Appeal policy decision option.
  • When asked for the Reason for appeal, opt for Made changes to comply with the policy.
  • Complete your appeal by clicking on Submit. This action will submit your modified ads for another round of review.


Remember, ensure to remove any malware on your site before appealing. Appealing multiple ads without resolving the issue can result in limitations on future appeals. 

Once you’ve fixed the issue, submit an appeal through the Disapproved Ads and Policy Violations form in your Google Ads account. Typically, most ads are reviewed within one business day. However, more complex reviews may take longer.

If you face issues while appealing or need professional assistance, our expert team at Reliqus Consulting is here to help.

Preventing Malicious or Unwanted Software

The most common reason Google flags a website for malware is hacking. To protect your Google ads, it’s crucial to implement website hardening techniques.

To mitigate these risks and safeguard your online presence, consider implementing the following website hardening techniques:

  1. Keep Software Updated

Regularly update all software components of your website, including the content management system (CMS), plugins, themes, and any scripts or applications. Updates often contain security patches for newly discovered vulnerabilities.

  1. Install SSL Certificates

An SSL certificate encrypts data transmitted to and from your website, helping to secure user data and increase trust. Google Chrome and other browsers may flag sites without SSL as insecure.

  1. Use Strong Passwords

Ensure that all accounts associated with your website use strong, unique passwords. Avoid common passwords and use a password manager to generate and store complex passwords.

  1. Avoid Shared Hosting

Opt for a dedicated server or a hosting solution that doesn’t require you to share resources with other websites. Shared hosting can pose a risk if another site on the same server is compromised.

  1. Limit User Access

Only give administrative access to those who need it, and assign appropriate roles to users based on their needs. This minimizes the risk of unauthorized changes or a security breach from within.

  1. Secure Plugins, Themes, and Software

Choose reputable sources for any additional software, plugins, or themes you install on your site. Regularly review these components for updates or known vulnerabilities and remove any no longer necessary or supported.

  1. Prevent Directory Browsing

Configure your server settings to prevent users from browsing your directories. This reduces the visibility of your site’s structure to potential attackers.

  1. Make Regular Backups

Regular backups ensure you can restore your website to a previous state in case of a hack or data loss. Store backups in a secure location and test them periodically.

  1. Regular Malware Scans

Conduct regular scans for malware and vulnerabilities. Many security plugins or services offer scanning and monitoring capabilities to detect and sometimes fix security issues.

  1. Web Application Firewall (WAF)

Consider installing a WAF to protect your website from common threats by filtering and monitoring HTTP traffic between a web application and the Internet. A WAF can help block hacking attempts, spam, and DDoS attacks.


With clear objectives and thorough analysis, you can develop an impactful Google Ads campaign that drives conversions and business growth. Challenges, like ad disapproval due to unwanted software, may emerge, rendering even the best campaigns useless if suspended. 

If you’ve breached the unwanted software policy, anticipate some work to rectify your ads and website. Use this guide as a checklist to address potential issues, saving you precious time. Your focus should be on creating meaningful outcomes for your brand or client, so fix disapproved Google Ads swiftly and get back to producing results.

Priti Gupta

Marketing Director at Reliqus

She has worked on 100+ Digital Marketing projects, including a wide array of Content writing, SEO, Copywriting, Social media & Paid ads.

Latest from the blog

What is HTTP 428 Status Code (Precondition Required)?

For many website owners and developers, the HTTP 428 Status Code can be a source of frustration. Its implications are often misunderstood, leadin...

What is HTTP 426 Status Code (Upgrade Required)?

Have you ever encountered an HTTP 426 Status Code while browsing the web and wondered what it means? Don’t worry, you’re not alone. T...

What is HTTP 425 Status Code (Too Early)?

Are you familiar with the various HTTP status codes that pop up on your screen while browsing the web? You’ve likely encountered common one...

What is HTTP 424 Status Code (Failed Dependency)?

If you have ever encountered an HTTP 424 Status Code Error while browsing the web, you may have been left scratching your head and wondering what...