How to remove Malware from Your Site?

Nowadays, more and more Websites face online threats and are infected with viruses, injections, backdoors, malware, adware pop-ups etc. When someone opens an unsecured Website, the infections get transferred to his/her computer through cookies and cache. When malware is detected, well-known search engines and security software companies can blacklist your Website. To be on the safe side, you should scan your Website with online tools and take the necessary steps to remove the infections. In this article, we illustrate the ways to detect and remove virus infections from your Website.

NOTE: We suggest that you take a backup of your Website (files & database) and scan it with the following tools on a weekly basis.

Detection

You can scan your Website with the following well-known online tools:

  1. McAfee SiteAdvisor
  2. AVG Threat Labs
  3. Sucuri Site Check
  4. Norton Safe Web
  5. Google Safe Browsing
  6. TrendMicro Site Safety
  7. Unmask Parasites
  8. Amada Malware Database
  9. URL Void
  10. VirusTotal
  11. PhishTank
  12. Online Link Scan
  13. Browser Defender

Confirming the Detection

If any one of the above scanners lists an infection, it is time to trace it. You can use the ‘Firebug’ extension for Google Chrome & Firefox to trace the culprit code. Most of the time, the infected code is hidden in the files or added as a redirect in the .htaccess file. The following are the steps to confirm the virus infection:

  1. If you have a backup of the Website files from before the virus infection was detected, download all the new files from the server.
  2. Download and install the WinMerge tool to compare the files.
  3. Compare the new files with the previously backed up files using WinMerge.
  4. Download Lynx, a command-line browser, to browse the Website and detect any hidden code.
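
The comparison in the steps above can also be scripted. The following is an added example, not part of the original article: it hashes the backup and the freshly downloaded copy, lists the files that were added, removed or modified, and flags .htaccess redirect rules that point to a host other than your own. The directory names, the `www.mysite.example` host and the redirect pattern are assumptions, and the sample files are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Heuristic (an assumption of this example): redirect directives with an absolute URL.
REDIRECT_RE = re.compile(
    r"^\s*(?:RewriteRule|Redirect(?:Match|Permanent|Temp)?)\b.*?(https?://\S+)", re.I)

def tree_hashes(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_trees(backup, current):
    """Return files added, removed or modified since the backup was taken."""
    old, new = tree_hashes(backup), tree_hashes(current)
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "modified": sorted(f for f in new.keys() & old.keys() if new[f] != old[f])}

def external_redirects(htaccess_text, own_hosts):
    """List (line number, URL) of redirect rules whose target host is not ours."""
    hits = []
    for number, line in enumerate(htaccess_text.splitlines(), 1):
        match = REDIRECT_RE.match(line)
        if match and urlsplit(match.group(1)).hostname not in own_hosts:
            hits.append((number, match.group(1)))
    return hits

def demo():
    """Build a constructed backup/current pair and report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, current = Path(tmp, "backup"), Path(tmp, "current")
        for tree in (backup, current):
            tree.mkdir()
            (tree / "index.php").write_text("<?php echo 'home'; ?>\n")
            (tree / ".htaccess").write_text("RewriteEngine On\n")
        # Constructed changes: an unexpected new file and an appended redirect.
        (current / "cache.php").write_text("<?php /* not in the backup */ ?>\n")
        with (current / ".htaccess").open("a") as handle:
            handle.write("RewriteRule ^(.*)$ http://unknown.example/in.php [R=301,L]\n")
        rules = external_redirects((current / ".htaccess").read_text(), {"www.mysite.example"})
        return compare_trees(backup, current), rules

if __name__ == "__main__":
    print(demo())
```

Every path reported as added or modified is a file to open and read by hand; a redirect to your own host is not flagged.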

Protection from blacklist

Do you want to save your Website from being blacklisted? If yes, you should immediately purchase hosting from a new Hosting Provider that provides secured Web Hosting on a daily or monthly basis. If necessary, you can also book a new domain name quite similar to that of your Website.

You must have a good & safe backup of your Website files and databases, dating from before the virus detection. Upload these previously backed up files and the exported database to the new hosting. Make sure to change the DNS settings in order to redirect visitors to the new safe Website. If necessary, take the help of the new Website Hosting Provider to configure the DNS properly. After recovery, you can change the DNS settings to redirect visitors to the old Website.

Action Time

It is time to remove the infections and retrieve your Website. Perform the following two actions when a tool detects an infection:

  1. List the tools that have flagged your Website as unsecure and download their reports.
  2. Note down the infected links, their location, the type of infection and the other details mentioned in the reports.
  3. Scan the computer(s) from which you access the Website with a trusted antivirus and a dedicated antispyware product.
  4. Erase all the login details used to access your Website, such as those for FTP, Control Panel (cPanel), CMS Dashboard etc.
  5. Reset the browser(s) and completely delete their Browsing History.

Security

Before proceeding to the next steps, you should make sure that your computer(s) are totally secure and do not have a single infection. If necessary, you can back up your data and get your computer formatted. Now, you have to take the following actions to remove the infections from your Website.

After performing each step, you should open your Website in the browser to check the symptoms and test it with the tools listed in Step 1.

  1. Check the .htaccess file and remove any suspicious code. If you are not sure which code is suspicious, replace the file with the default .htaccess file. If you do not have a backup of the default .htaccess file, visit CoolTips htaccess Generator, configure the options and generate a new .htaccess file. If you are using a CMS, visit its support/forum section and get a default .htaccess file.
  2. Visit http://www.htaccesstools.com/htpasswd-generator and generate the code to apply a username and password to access the .htaccess file. Insert this code inside the .htaccess file.
  3. If you have not booked a new domain and hosting, create a Site Maintenance page specifying that “Your Website is under maintenance for NN hours/minutes.”
  4. Add a redirect in the .htaccess file to redirect all of the visitors to the Site Maintenance Page.
  5. You can also email the registered users or subscribers about the downtime with a request not to browse your Website during the specified time, giving a genuine reason like “to avoid load shedding” or “to help in quick maintenance”. After the recovery process, you can email them again specifying that your Website is up and running.
  6. Immediately remove the identified suspicious code from each location of your Website.
  7. If you are using a CMS, disable all the plug-ins or extensions, themes etc. one by one. We suggest that you disable one at a time until you identify the main culprit extension. If you do not find any conflicting plugin or theme, do not enable the plugins/themes again.
  8. Remove any additional code that you have added to your Website for extra features like social sharing options, analytics code, license code, banners etc.
  9. Test your Website now with the above tools. If they do not find any infection, it is good to go; otherwise, continue with the steps below.
  10. Most Website Hosting companies provide the option to scan the file system and database with a trusted antivirus on demand. Contact your host and check whether they provide such a service.
  11. If your Web Host does not provide scanning services, download all the files to your computer through FTP or SFTP.
  12. Take a backup of the downloaded files at a safe location.
  13. Scan the files with a trusted antivirus.
  14. Remove the infections, if detected. If none are detected, skip steps 15 to 17.
  15. Remove all the files from the File System of your Website and upload the scanned files through FTP or SFTP.
  16. Try to open your Website and check whether it opens or not.
  17. If the Website does not open, remove the files from your server and upload the backup taken in Step 9.
  18. If the above steps do not work, engage experienced security professionals to recover your Website.

If performing each step still does not help, it is time to reinstall or re-setup your Website from scratch. Back up all the files & databases, remove them from the server, and then set the Website up from the beginning. If you are using a CMS, reinstall it from the start and re-tailor it according to your needs.

Conclusion

It is best practice to back up your Website and scan it using the above listed tools on a weekly basis. In addition, you should perform the above steps to recover your Website from infections. We invite our readers to provide feedback and suggestions through their valuable comments. You can share your experience with virus detection and removal on your Website.

Keshav Arora is a Senior Technical Writer with seo-Semantic-xhtml.com, a specialized division of IPraxa. He specializes in topics on Content Management Systems, Web Design and Development Technologies. seo-semantic-xhtml.com provides PSD to HTML, XHTML, CSS and 3rd party application integration. Follow us on Twitter, and be our fan on Facebook.

This post was written by a guest author. You can also write one here at skyje.com; check the Write For Us page for more information.
