Website Malware Removal

administrator • 17th Aug 2011 • malware removal

Websites are frequently hacked into to infect them with malicious code that causes them to distribute a virus, trojan horse, drive-by download, or other type of malware (malicious software). This malware can cause computers that access the website to become infected with malware and cause access to the website to be restricted or produce other symptoms of error. If your website has been infected with malware Ithacaweb can remove the malware from it for you and work with you to secure it against reinfection after a website evaluation has been performed.

It is critical that the website is properly secured against reinfection as the malware is likely to return if the proper measures to secure the website are not taken. Please feel free to contact us to receive a free consultation on how to best deal with your malware infection. If you are not sure that your website is infected we would also be happy to confirm for you whether your website is in fact infected.

The most common type of infection places an iframe or JavaScript injection that creates an iframe in the website’s pages. The iframe accesses a web page on another website that attempts to infect the computer that is accessing the web page with malware. In some cases the hacker will obfuscate the JavaScript code to make it harder to discover. Other malware infection scripts are placed into .htaccess files to redirect visitors to a website that attempts to infect their computer with malware or to insert malware into the page that is served when a file that does not exist is requested. The malicious code can be can be hidden in a variety of places and might only be active when the website is accessed in a particular way. In some cases the malware infection attempt may only occur if a visitor comes to the website through Google or another search engine, if they come directly to the website the attempted malware infection will not occur. The hacker can also place a backdoor script that allows them remote access to the website to make future changes to it.

Once your website has been infected it can quickly be blocked from visitors. The website may be flagged and blocked in the Internet Explorer (“This website has been reported as unsafe”), Firefox (“Reported Attack Site!”), Safari (“Warning: Visiting this site may harm your computer”), Chrome (“Warning: Visiting this site may harm your computer!”), and Opera (“Fraud Warning”) web browsers. It may also be flagged and blocked in the Google (“This site may harm your computer.”, “This site may harm your device.”), Yahoo (“Warning: Hacking Risks”), and or Bing search engines as well as Google’s AdWords advertising service, Twitter (“unsafe link”).

To remove the malware, we will find the malicious code inserted during the hack and remove it. Removing the malware from the website can take a few hours. We can work on the website through FTP/SFTP, SSH, with access to your hosting providers interface. We will also work with you to determine how your website was hacked and take measures to secure the website against reinfection. If your website has been flagged and blocked, we will request a malware review from Google, Yahoo, and or Bing to have the warning removed. It should take no more than a day to be removed from Google’s malware blacklist after a review has been requested.