Since malware removal can vary greatly, we can only provide general information here.
- As long as the malicious code is not completely removed, you should put the page offline to protect your customers/visitors. It is best to temporarily point to another empty folder. Further possibilities are e.g. via .htaccess or domain forwarding to another domain.
- Change FTP password. Under no circumstances store the FTP password in the FTP client. If necessary, also change other passwords (e.g. e-mail or checkdomain password), if in doubt.
- Check all computers that have connected via FTP for viruses or reinstall them if necessary. Whether you reinstall your PC is of course at your discretion. However, if there are viruses on the PC, it is often difficult to remove them completely. Often you have similar problems after a short time.
- CMS (software like Wordpress or Joomla) and plugins update. Possibly outdated software, which is no longer being updated.
- Request logs (FTP) to detect anomalies. (View logfiles of the webhosting package) (IP is usually of little use later on, as most connections come from abroad. and the computers are also hijacked PCs).
- Check files for malicious code and remove them.
This is very tedious, but often the viruses also leave comments, such as #f4343, after which they can can be searched for accordingly. Malicious code is preferably attached to index.php or index.html files.
.htaccess files are manipulated to redirect to other websites.
The attackers try to disguise the malicious code and this makes it easy to recognize. This could look like this:
Other suspicious patterns are "base64", "eval" or "iframe", but it does not necessarily have to be are malicious code.
- virustotal.com is the best way to control individual files.
- Deleting everything and performing a complete reinstallation is the safest way, but not always necessary/possible.
- If available, installing a backup can also take a lot of work off your shoulders. The backup must of course have been created when the web space was not yet infected. Checkdomain backup system
- To remove the malicious code completely or to close a CMS security hole is not always easy. If you don't want to delete everything and rebuild the site, you might want to use an external to instruct experts or to ask for information in anti-virus forums. (Checkdomain does not offer this service!)
- The easiest way to remove a Google Safe Browsing warning is to use Google Webmaster Tools (http://support.google.com/webmasters/bin/answer.py?hl=en&hlrm=en&answer=163634)
Send an email
Telephone support