How To Remove Website Malware: Tips for Doing It Yourself

Before You Start

Sorry to see you here. Well, not at Developer Squad but more for the reason you’re here – how to remove website malware. Before you begin your journey into cleaning your site, a few things.

Audit all access to your site, database(s), hosting and ways to connect to your server such as FTP and SSH. Make sure you know who has access and remove anyone who shouldn’t or should no longer have access. Those that should, access should be updated.

If you haven’t already, put your site in maintenance mode. No sense in infecting your visitors. If you have a CMS, usually there is a quick easy way to do it. If not, create a quick index.html file with a quick message. No need to get fancy. You have more important things to do.

Make sure you actually have malware. Maybe you’ve got a malware message or file from your host. Or worse a message from a visitor. But if not sure, see our previous article on how to check if you have malware. Sometimes you might just have site issues that need to be addressed.

Backup everything now. Yes, even if you’re backing up malware. Just make sure not to overwrite any previous backups. Always a good habit to backup before changing, editing and deleting files, even if infected. And everything means your files, database(s) and even some important hidden files like htaccess and user.in.

Warning / Disclaimer

There are over 350,000 new malware registered every day – that is over 4 a second! And although there are similarities between different types and strains of malware, unfortunately there is no “catch all” to help you tackle malware.

Before digging into ways on how to remove website malware, know you could be dealing with more than one type of malware. There could be file corruption as well as database injections and even after all that there could be back doors left open for reinfection.

Ideally you should seek the help of pros, us or someone else, who use sophisticated scanning algorithms that are updated continually to address this onslaught.

Okay, so you still want to remove the malware yourself?

I am a tech head myself, so I get it. Just wanted to pass on a word of caution before opening Pandora’s Box.

DISCLAIMER:

This is a general tips guideline for malware removal for the do it yourself person who has the necessary skill set, knowledge and resources to attempt. Due to the variety of malware, it’s constant state of change, the differences in level of infection and other factors, there is no cookie cutter approach to this. YOU ARE ON YOUR OWN AND PROCEED AT YOUR OWN RISK.

This is a friendly high level list of tips on how to remove website malware on your own. I, Developer Squad, nor anyone associated with us shall NOT be held liable for anything in this list of tips. This is being offered as suggestions you could do and look for but make no mistake that it is YOU, not US, who decides on the approach and the removal. So you alone are liable for what you do with your site.

Sorry, needed to make sure you know that you need to take full responsibility for your own actions whether from tips we give, or others.

How To Remove Website Malware

Some Common Ways To Remove Website Malware
NOTE: Use at own risk. Backup files and databases before attempting.

  1. Restore From Backup

    Restoring from a previous backup can get you up and running quick and painlessly – if the malware only infected your files. Hopefully you have a backup you can use. If you don’t backup on your own, check with your host. Many do daily backups, up to a week back. In either case, try to restore from one that is prior to the infection.

  2. Compare With Backup

    Maybe you have a backup but you don’t want to restore using it for some reason. Another method you can use is compare the files and database structure, dates etc with what is on the site now. That could give you an indication as to what has malware and where you need to address it.

  3. Use Malware / Suspected Files Report

    Your host may be able to provide you with a malware scan report. You may already have one in the root of your hosting account. If not, ask. This is basically a “hit list” of infected files – or what the host’s software thinks is infected. Sometimes they throw false positives (show infected even if not). You can use this list to go through and clean the malware. Note, just because it is on the list means delete/remove. NO! There is a good chance that some or even many of those files just have malicious code added to a legitimate file. So you need to remove the fully malware oriented files while cleaning just the malicious code from legitimate files that got infected. Generally, but not always, this code is pretty obvious and is in the beginning or end of a file.

  4. Leverage Free Tools and Services

    If you can’t get a malware list from your host, then you’re left to your own devices to figure out what is infected. There are some free tools and services that may get you started. Google Webmasters, Bing Webmasters and Norton Safe Web all provide more details on infection if you’re listed with them. If you have not already signed up for all three, you should do that regardless. There are some other places to check in this earlier post.

  5. Search Specific Infection

    If you know what you’re infected with, there’s a good chance someone has some tips on removal. Search for the symptoms or redirect urls visitors are experiencing. This is an old-school but very effective way to attack the issue.

  6. Manual Hunt and Peck

    This is the last resort and the worst amount of work. You’re here because you don’t know what you’re infected with and have no clue on how to get rid of it. Things to check here are the htaccess file (look for odd redirects), comb through your site directories looking for oddly named files (some much easier to spot than others) and then look for the dates of files for those that were changed recently. That can indicate malicious code has been added.

The Aftermath

Okay, so hopefully you’ve survived and gotten through the malware battle victorious! But your work is not done, just yet.

Make sure to go through our post-removal checklist to keep your website as safe as possible from reinfection.

Scroll to Top