Thursday, July 14, 2011

How to remove Malware from Your Site?

Nowadays, more and more Websites face online threats and are infected with viruses, injections, backdoors, malware, adware pop-ups and so on. When someone opens an unsecured Website, the infection gets transferred to his or her computer through cookies and cache. When malware is detected, well-known search engines and security software companies can blacklist your Website. To be on the safe side, you should scan your Website with online tools and take the necessary steps to remove the infections. In this article, we illustrate ways to detect and remove a virus infection from your Website.




NOTE: We suggest that you take a backup of your Website (files & database) and scan it with the following tools on a weekly basis.


Detection


You can scan your Website with the following well-known online tools:



  1. McAfee SiteAdvisor

  2. AVG Threat Labs

  3. Sucuri Site Check

  4. Norton Safe Web

  5. Google Safe Browsing

  6. TrendMicro Site Safety

  7. Unmask Parasites

  8. Amada Malware Database

  9. URL Void

  10. VirusTotal

  11. PhishTank

  12. Online Link Scan

  13. Browser Defender


Confirming the Detection


If any one of the above scanners lists an infection, it is time to trace it. You can use the ‘Firebug’ extension for Google Chrome & Firefox to trace the culprit code. Most of the time, the infected code is hidden in the files or added as a redirect in the .htaccess file. The following steps confirm the virus infection:



  1. If you have a backup of the Website files from before the virus infection was detected, download all the new files from the server.

  2. Download and install the WinMerge tool to compare the files.

  3. Compare the new files with the previously backed-up files using WinMerge.

  4. Download Lynx, a command-line browser, to browse the Website and detect any hidden code.


Protection from blacklist


Do you want to save your Website from being blacklisted? If yes, you should immediately purchase hosting from a new Hosting Provider that offers secured Web Hosting on a daily or monthly basis. If necessary, you can also register a new domain name quite similar to that of your Website.


You must have a good & safe backup of your Website files and databases, dating from before the virus was detected. Upload these previously backed-up files and the exported database to the new hosting. Make sure to change the DNS settings in order to redirect visitors to the new, safe Website. If necessary, ask the new Website Hosting Provider for help in configuring the DNS properly. After recovery, you can change the DNS settings to redirect visitors back to the old Website.


Action Time


It is time to remove the infections and recover your Website. Perform the following two actions when a tool detects an infection:



  1. List the tools that have flagged your Website as unsecure and download their reports.

  2. Note down the infected links, their location, the type of infection and the other details mentioned in the reports.

  3. Scan the computer(s) from which you access the Website with a trusted antivirus and a dedicated antispyware product.

  4. Erase all the login details used to access your Website, such as those for FTP, Control Panel (cPanel), CMS Dashboard etc.

  5. Reset the browser(s) and completely delete their Browsing History.


Security


Before proceeding to the next steps, you should make sure that your computer(s) are totally secure and do not have a single infection. If necessary, you can back up your data and have your computer formatted. Now, take the following actions to remove the infections from your Website.


After performing each step, you should open your Website in the browser to check for symptoms and test it with the tools listed in Step 1.



  1. Check the .htaccess file and remove any suspicious code. If you are not sure which code is suspicious, replace the file with the default .htaccess file. If you do not have a backup of the default .htaccess file, visit CoolTips htaccess Generator, configure the options and generate a new .htaccess file. If you are using a CMS, visit its support/forum section and get a default .htaccess file.

  2. Visit http://www.htaccesstools.com/htpasswd-generator and generate the code that applies a username and password to access the .htaccess file. Insert this code inside the .htaccess file.

  3. If you have not booked a new domain and hosting, create a Site Maintenance page stating that ‘Your Website is under maintenance for NN hours/minutes.’

  4. Add a redirect in the .htaccess file to redirect all of the visitors to a Site Maintenance Page.

  5. You can also email your registered users or subscribers about the downtime, asking them not to browse your Website during the stated period and giving a genuine reason such as “to avoid load shedding” or “to help in quick maintenance”. After the recovery process, you can email them again to say that your Website is up and running.

  6. Immediately remove the identified suspicious code from each location of your Website.

  7. If you are using a CMS, disable all the plug-ins or extensions, themes etc. one by one. We suggest that you disable one at a time until you identify the main culprit extension. If you do not find any conflicting plugin or theme, do not enable the plugins/themes again.

  8. Remove any additional code that you have added to your Website for extra features, such as social sharing options, analytics code, license code, banners etc.

  9. Test your Website now with the above tools. If they do not find any infection, you are good to go; otherwise, continue with the remaining steps.

  10. Most Website Hosting companies offer on-demand scanning of the file system and database with a trusted antivirus. Contact your host and check whether it provides such a service.

  11. If your Web Host does not provide scanning services, download all the files to your computer through FTP or SFTP.

  12. Take a backup of the downloaded files and keep it at a safe location.

  13. Scan the files with a trusted antivirus.

  14. Remove the infections, if any are detected. If not, skip steps 15 to 17.

  15. Remove all the files from the File System of your Website and upload the scanned files through FTP or SFTP.

  16. Try to open your Website and check whether it opens or not.

  17. If the Website does not open, remove the files on your server and upload the backup taken in Step 9.

  18. If the above steps do not work, engage experienced security professionals to recover your Website.
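
For step 1, a short script can list the .htaccess directives that send visitors to a host other than your own, which is where a redirect added to the file would show up. This Python example is added here and is not part of the original article; the sample file and the host names (`www.example.com`, `unexpected.example`) are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Apache directives that can send a visitor to another URL.
DIRECTIVE_RE = re.compile(
    r"^\s*(RewriteRule|RedirectMatch|RedirectPermanent|RedirectTemp|Redirect|ErrorDocument)\b(.*)$",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

def audit_htaccess(text, own_hosts):
    """Return (line number, directive, host) for every redirect-capable
    directive whose target is an absolute URL on a host not in own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # commented-out directive
            continue
        match = DIRECTIVE_RE.match(line)
        if not match:
            continue
        for url in URL_RE.findall(match.group(2)):
            host = (urlparse(url).hostname or "").lower()
            if host not in own:
                findings.append((lineno, match.group(1), host))
    return findings

# Constructed sample .htaccess; all host names are placeholders.
SAMPLE = """\
# site rules
Options -Indexes
RewriteEngine On
RewriteRule ^old-page$ /new-page [R=301,L]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
RewriteRule ^(.*)$ http://unexpected.example/landing [R=302,L]
ErrorDocument 404 http://unexpected.example/404
# Redirect / http://commented.example/
"""

if __name__ == "__main__":
    for lineno, directive, host in audit_htaccess(SAMPLE, {"www.example.com"}):
        print(f"line {lineno}: {directive} -> {host} (not one of this site's hosts)")
```

A flagged line is a prompt for review, not proof of infection: a legitimate redirect to a payment provider or a second domain you own will also be listed until its host is added to `own_hosts`.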


If performing each step still does not help, it is time to reinstall or set up your Website again from scratch. Back up all the files & databases, remove them from the server, and then set everything up from the very beginning. If you are using a CMS, reinstall it from the start and re-tailor it to your needs.


Conclusion


It is best practice to back up your Website and scan it with the tools listed above on a weekly basis. In addition, you should perform the above steps to recover your Website from infections. We invite our readers to provide feedback and suggestions through their valuable comments. You can share your experience with virus detection and removal on your Website.

11 comments:

  1. Just like Ask toolbar. When you install some software it can take over your browser, change homepage. Like a virus. And to solve this task I andice next article: http://removalbits.com/how-to-remove-ask-toolbar-from-your-browser-removal-guide/. I hope it will be useful for you.

  2. At whatever point I'm asked regardless of whether a registry cleaner take out spyware and malware the short answer is, 'no'. That is just basically in light of the fact that spyware and malware are cleaned by an antivirus program not a registry more clean. adware removal

  3. I really loved reading your blog. It was very informative and easy to understand. Thanks for sharing such a great information regarding malware.

  4. Hey vidya,
    Nice blog. simple wording & easy to understand. Thanks for sharing this useful post.
    A malware contagious website is always neglected by online users. If you do not want to keep online users away from your website, then best website malware removal service providers USA is the solution of this concern. For any information call us our TOLL free no. +1-888-339-8933 .

  5. Let us help you with printers, routers,malware , slow laptops, and any other technology issue.Best Buy Systems is your trusted source for technical support in Valencia, California, USA. Our customer service was made to offer US Technical support to the customers on their desk with no interference. For any help you can call us our toll free number +1-888-339-8933 .

  6. Malware likewise discovers its direction onto PCs by piggy-support off huge, honest to goodness organizations. For instance, Firefox, the world's second most mainstream internet browser has actually a great many supported and homebrew augmentations - some of which may contain malware.video surveillance system reviews

  7. I read your post and got it quite informative. After reading your article I am impressed by the details that you have shared in this post and It reveals how nicely you understand this subject. If anyone looking for the Norton 360 Customer Service Support, Visit support-norton.co

  8. This is beyond question the most famous sort of spy cam. Consider it a camera incorporated with regular items which enable it to mix in with pretty much any sort of condition you can consider. www.strikingly.com

  9. Informative Post. Steps to remove malware appended to the browsers have been explained in a simple & easy manner. I came across a similar blog on Virus Removal Guidelines site few days back. Found it quite helpful as it explained how a user can prevent adware, Trojan & Qbit PC Speedup malware infection by taking security steps.

  10. Really nice information you had provided here. And i wanna appreciate within this. Thank you for providing this information. enter-sys.com provide best business cloud solution and cloud PBX services. To know more about us you can visit on Cloud PBX Baton Rouge

