How to Get Rid of Malware on My Website

by Nina Rotz

A website is commonly attacked through malware injection code. The coding is injected through HTML files or an HTACCESS file. The malware is then spread to anyone who views your website. If you notice a malware or virus warning, immediately clean out your HTACCESS file and all webpage files. Change the main website password and all administrator passwords to scripts installed on the web server.

Cleaning Out HTACCESS Malware

1

Log in to the website's root directory using an FTP program (many are free, such as SmartFTP and FileZilla).

2

Select "Desktop" on the left hand side of the FTP program. Drag the entire "public_html" folder from right hand side to the left side of the screen. This will download all website files from the web server to your desktop.

3

Go to the desktop and double-click on the folder "public_html" to open it. Locate the file named ".htaccess."

4

Right click on HTACCESS file and select "Open With" and "Notepad."

5

Clean out any malicious code found in the HTACCESS file, including redirects and embedded <iframe> code. Save changes by clicking on "File" and "Save."

Cleaning Out HTML Pages

1

Go back to "public_html" folder and locate the file named "index.html" (or "index.php").

2

Right-click on the index file and select "Open With" and "Notepad."

3

Click on "Edit" and "Find" in "Notepad." Search for malicious code by typing in <object>, <embed> and <iframe> in the search field.

4

Clean out any malicious code. Delete malware code from an opening tag, such as "<iframe>," to a closing tag, such as "</iframe>."

5

Save the changes.

Deleting Third-Party Codes

1

Open up individual HTML and PHP files using Notepad.

2

Look for free third-party scripts you have installed. These include free counters or guestbooks.

3

Delete third-party code and all HTML tags associated with a free script.

4

Save changes in "Notepad."

Restore Website

1

Open up the FTP program and log in to the website's root directory.

2

Click on the left-hand side where "public_html" is listed.

3

Drag and drop "public_html" from the left- to the right-hand side of the screen.

4

Confirm that you wish to re-upload website files and publish them.

5

Select "Overwrite existing files" if prompted by the FTP program.

Tips

  • check Free third-party scripts can carry malicious malware code. These are often seen as pop-ups, advertisements and page redirects. "Third-party" refers to scripts that are not hosted on your web server but are instead accessed at a remote link and hosted by the developer of the script.
  • check Uploading a blank HTACCESS file will also delete any malware coding. This option is safe if you do not have any functions or variables in HTACCESS that are necessary for website operations.

Warning

  • close Do not open up website files using Internet Explorer or Firefox if you are alerted of malware on your website. Opening up HTML and PHP files in a web browser executes malware and allows it to install on your computer. Downloading and opening infected files on the desktop is safe. Malware cannot execute if opened up in Notepad.

Photo Credits

  • photo_camera Thinkstock Images/Comstock/Getty Images