Thursday, July 14, 2011

How to remove Malware from Your Site?

Nowadays, more and more Websites are facing online threats and being infected with viruses, injections, backdoors, malware, adware pop-ups etc. When someone opens an unsecured Website then infections gets transferred to his/her computer through cookies and cache. On detection of malware, famous search engines and security software companies can blacklist your Website. To be on safe side, you should scan your Website through online tools and take necessary steps to remove the infections. We will illustrate the ways to detect and remove virus infection through your Website in this article.

Mural Andrew Vírus atacando Célula

NOTE: We suggest you taking the backup of your Website (files & database) and scan it on following tools on weekly basis.


You can scan your Website at following famous online tools:

  1. McAfee SiteAdvisor

  2. AVG Threat Labs

  3. Sucuri Site Check

  4. Norton Safe Web

  5. Google Safe Browsing

  6. TrendMicro Site Safety

  7. Unmask Parasites

  8. Amada Malware Database

  9. URL Void

  10. VirusTotal

  11. PhishTank

  12. Online Link Scan

  13. Browser Defender

Confirming the Detection

If any one of above scanner list the infection then it is the time to trace it out. You can use the ‘Firebug’ extension for Google Chrome & Firefox to trace the culprit code. Most of the times, the infected code is hidden in the files or adds up as a redirect in the .htaccess file. Following are the steps to confirm the virus infection: -

  1. If you have a backup of Website files prior to detection of virus infection, then download all the new files from the server.

  2. Download and install WinMerge Tool to compare the files.

  3. Compare the new files with previously backed up files using WinMerge.

  4. Download Lynx, command line browser, to browse the Website and detect any hidden code.

Protection from blacklist

Do you want to save your Website from being blacklisted? Yes, then you should immediately purchase a hosting at a new Hosting Provider, which provides secured Web Hosting on daily or monthly basis. If necessary, you can also book a new domain name quite similar to your Website.

You must have a good & safe backup of your Website files and databases, dating before virus detection. Upload these previously backed up file and export database to the new hosting. Make sure to change the DNS settings in order to redirect the visitors to new safe Website. If necessary, take help of new Website Hosting Provider to configure the DNS properly. After recovery, you can change the DNS settings to redirect the visitors to the old Website.

Action Time

It is the time to remove the infections and retrieve your Website. Perform following two actions when a tool detects infection:

  1. List out the tools, which have notified your Website as unsecure and download their reports.

  2. Note down the infected links, their location, type of infection and other details mentioned in the reports.

  3. Scan the computer(s) on which you have access to the Website with a trusted antivirus and dedicated antispyware product.

  4. Erase all the login details to access your Website like that of FTP, Control Panel (cPanel), CMS Dashboard etc.

  5. Reset the browser(s) and completely delete their Browsing History.


Before proceeding to next steps, you should make sure that your computer(s) are totally secure and does not have a single infection. If necessary, you can backup your data and get formatted your computer. Now, you have to take following actions to remove infections from your Website.

After performing each step, you should open your Website in the browser to check the symptoms and test at the listed tools of Step 1.

  1. Check the .htaccess file and remove any suspicious code. Not sure which one is the suspicious code then replace it with the default .htaccess file. If you do not have the backup of default .htaccess file then visit CoolTips htaccess Generator, configure the options and generate a new .htaccess file for you. If you are using a CMS then visit their support/forum section and get a default .htaccess file.

  2. Visit and generate the code to apply username and password to access .htaccess file. Insert this code inside the .htaccess file.

  3. If you have not booked a new domain and hosting then create a Site Maintenance page specifying that ‘Your Website is under maintenance for NN hours/minutes.”

  4. Add a redirect in the .htaccess file to redirect all of the visitors to a Site Maintenance Page.

  5. You can also email the registered users or subscribers about the downtime with a request not to browse your Website in prescribed timings with a genuine reason like “to avoid load shedding” or “to help in quick maintenance”. After the recovery process, you can email them again specifying that your Website is up and running.

  6. Immediately remove the identified suspicious code from each location of your Website.

  7. If you using a CMS then disable all the plug-ins or extensions, themes etc. one by one. We suggest you to disable one at a time until you identify the main culprit extension. If you do not find any conflicting plugin or theme, then do not enable the plugins/themes back.

  8. Remove each additional code from your Website, which you have added for extra features like social sharing options, analytics code, license code, banners etc.

  9. Test your Website now with above tools. If they do not find any infection then it is good to go else continue to perform steps.

  10. Most of the Website Hosting companies provide the options to scan the file system and database through trusted antivirus on demand. Contact your host and check whether they provide such service or not.

  11. If your Web Host do not provide scanning services then download all the files to your computer through FTP or SFTP.

  12. Take back up of the downloaded files at a safe location.

  13. Scan the files with trusted antivirus.

  14. Remove infections, if detected. If not then skip step 15 to 17.

  15. Remove all the files from the File System of your Website and upload the scanned files through FTP or SFTP.

  16. Try to open your Website and check whether it opens up or not.

  17. If the Website does not open then remove the files at your server and upload the backup taken in Step 9.

  18. If above steps does not work then take services of experienced security professionals to recover your Website.

Still no help after performing each step then it is the time to reinstall or re-setup your Website from scratch. Backup all the files & databases; remove them from server, and then setup from the beginning of the time. If you are using a CMS then reinstall it from starting and re-tailor it according to your need.


It is the best practice to backup your Website and scan it using above listed tools on weekly basis. In addition, you should perform above steps to recover your Website from the infections. We invite our readers to provide feedback and suggestions through their valuable comments. You can list your experience with virus detection and removal at your Website.

Tuesday, July 12, 2011

CTRL+F5 RethinkingWeb

Hi followers,

With the monsoon living up to its expectations (not in the case of some people like my partners), anyway, I am enjoying the monsoons and also the fact that it is now more than a year that RethinkingWeb has been in operations and thanks to all you well-wishers and a larger share of thanks (if there was any) to our esteemed clients and partners, who have made this a convenient journey and helped RethinkingWeb up its scale of operations and go big!

We have just recently revamped our website and have also started our full scale operations from Mulund. It has been an excellent journey so far and we have met some fantastic people throughout this journey, we have added a few new team members and are expecting a few more in. A lot of time and energy has been spent behind designing the new look for our website, we have tried to keep information which is most relevant on there for you and have taken careful steps to make sure that the navigation and visual characteristics appeal to our visitors, so do make sure you visit our website and give us a feedback on what you liked there and what you would like to see. We thought of adding a lot more to our site, however, are contemplating on different ideas. We are also planning on adding new content every now and then to help our visitors with new information, and not just data. Our designers are trying to work out the best possible designs and by incorporating latest technology and concepts.

While on our website do not forget to browse through our portfolio to witness some amazing works through us. Some of our clients have said some wonderful things about us and we shall soon post them on the website. All of this trust and adulation has been promising sign and hence we have now set up our new office in Mulund to be there for you all the time.

We will also be available on chat at all times on our website, so if you want to chat to any of our Rethinkers just log on to our website and chat with us about any questions you have. We will be integrating voice chat options soon, stay tuned to know more.

Do make an appointment and visit our new office at Mulund and we shall be happy to discuss business and weather with you (We form strong opinions on weather). Otherwise if you have something in mind and want us to sort it out for you, just give us a call and we shall pay you a visit. As it is, monsoons have given us a reason to launch our new office and website, we are also offering a 25 % discount on new websites and web designing projects.

As mentioned earlier we will make changes to our content and designs from time to time, we will also change our offers every month and will keep updating you via blogs and mailers. So stay tuned for what’s to follow.

Thank you all, it is a pleasure sharing all of this with you, we hope you enjoy prosperity this monsoon.

Bye for now.