Website Malware Removal
Websites are frequently hacked to make them distribute a virus, trojan horse, drive-by download, or other type of malware (malicious software). In the fourth quarter of 2009 it was estimated that 560,000 websites and 5.5 million web pages were infected with malware.[1] This malware can cause computers that access the website to become infected with malware and cause the website to become inaccessible to visitors. If your website has been hacked to distribute malware, we can clean it up for you and work with you to ensure that it does not get hacked again. Properly securing the website against getting hacked again is essential but often overlooked, with 42% of infected websites getting reinfected in the fourth quarter of 2009.[1]
The most common type of hack, referred to as an iframe hack, places an iframe or JavaScript code that creates an iframe in the website's pages. The iframe accesses a web page on another website that attempts to infect the computer that is accessing the web page with malware. In some cases the hacker will obfuscate the JavaScript code to make it harder to discover. Other malware infection scripts are placed into .htaccess files to redirect visitors to a website that attempts to infect their computer with malware or to insert malware into the page that is served when a file that does not exist is requested. The malicious code can be hidden in a variety of places and might only be active when the website is accessed in a particular way. In some cases the malware infection attempt may only occur if a visitor comes to the website through a search engine; if they come directly to the website, the attempted malware infection will not occur. If you are not sure if your website has been infected with malware, please feel free to contact us to confirm whether it is infected.
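The injection styles described above can be checked for mechanically. The following Python sketch is an added example, not part of the original page or the service's own tooling; the rule names, the regular expressions and the sample files (which use the placeholder host example.invalid) are assumptions constructed for illustration, and the heuristics are not exhaustive.

```python
import re
# Heuristic rules for the injection styles described above (assumed, not exhaustive).
HTML_RULES = {
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*[\"']?[01]\b"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
    "script-built-iframe": re.compile(
        r"document\.write\s*\([^)]*<iframe|createElement\s*\(\s*[\"']iframe", re.I),
    "obfuscated-eval": re.compile(
        r"(?:eval|document\.write)\s*\(\s*(?:unescape|String\.fromCharCode)\s*\(", re.I),
}
# .htaccess: a redirect that fires only for visitors arriving from a search engine.
SEARCH_REFERER = re.compile(r"RewriteCond\s+%\{HTTP_REFERER\}.*(?:google|yahoo|bing)", re.I)
EXTERNAL_RULE = re.compile(r"RewriteRule\s+\S+\s+https?://", re.I)
EXTERNAL_404 = re.compile(r"ErrorDocument\s+404\s+https?://", re.I)

def scan_htaccess(text):
    findings, referer_gate = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#"):
            continue
        if SEARCH_REFERER.match(line):
            referer_gate = True          # condition applies to the next RewriteRule
        elif re.match(r"RewriteRule\b", line, re.I):
            if referer_gate and EXTERNAL_RULE.match(line):
                findings.append("search-referer-redirect")
            referer_gate = False
        elif EXTERNAL_404.match(line):   # off-site page served for missing files
            findings.append("external-404-document")
    return findings

def scan(name, text):  # names of the rules that fire for one file's contents
    if name.endswith(".htaccess"):
        return scan_htaccess(text)
    return sorted(rule for rule, rx in HTML_RULES.items() if rx.search(text))

SAMPLES = {  # constructed inputs; example.invalid is a placeholder host
    "index.html": '<iframe src="http://example.invalid/x" width="1" height="1"></iframe>',
    "footer.js": 'document.write(unescape("%3Cscript%3E"));',
    "about.html": '<iframe src="/map.html" width="600" height="400"></iframe>',
    ".htaccess": "RewriteEngine On\n"
                 "RewriteCond %{HTTP_REFERER} .*google.* [OR]\n"
                 "RewriteCond %{HTTP_REFERER} .*bing.*\n"
                 "RewriteRule ^(.*)$ http://example.invalid/ [R=301,L]\n"
                 "ErrorDocument 404 http://example.invalid/missing\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, scan(name, text) or "clean")
```

Matches are leads for manual review rather than verdicts, since legitimate pages can also contain hidden iframes and external error documents.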
Once your website has been infected it can quickly become inaccessible to many visitors. The website may be flagged and blocked in the Internet Explorer ("This website has been reported as unsafe"), Firefox ("Reported Attack Site!"), Safari ("Warning: Visiting this site may harm your computer"), Chrome ("Warning: Visiting this site may harm your computer!"), and Opera ("Fraud Warning") web browsers. It may also be flagged and blocked in the Google ("This site may harm your computer."), Yahoo ("Warning: Dangerous Downloads"), and/or Bing search engines as well as Google's AdWords advertising service and Twitter ("unsafe link").
To clean up the website, we will review the website's files for the code inserted during the hack that is inserting malware infection scripts into the website and remove that code. Checking and cleaning the website's files takes a few hours. We will also work with you to determine how your website was hacked to ensure that the website is not hacked again. If your website has been flagged and blocked, we will assist you in getting the flag removed by requesting a malware review from Google, Yahoo, and/or Bing. It should take no more than a day to be removed from Google's malware blacklist after a review has been requested.
Recently Active Malware
- Gumblar (JS:Downloader-FY, Trojan-Downloader.JS.Gumblar.x, Mal/ObfJS-CN, JS:Kroxxu-Z), inserts gifimg.php files, (domains: virtualportfolio.ca, anzenbergalm.at, commodityprofit.com, selmaoren.av.tr, hogwart.konkuk.ac.kr, opheliejoly.com, cantoytecnicavocal.com.ar, xattack.in, javlok.freehostia.com, kislaykomal.com, orum.klotek.net, christchurchnsfb.org.uk, katalog-stron.waa.pl, nilayoram.com, artyshok.com, poker.wedoitallvegas.com, americandesii.com, kerry-engineering-job.co.cc, etc)
- port 8080 (JS:Illredir-W [Trj], JS:Illredir-Z [Trj], JS:Illredir-AC [Trj], JS:Illredir-AD [Trj], Troj/JSRedir-AU) (domains: yoursuperpool.ru, buytheblender.ru, neolabonline.ru, excellentblender.ru, theblendertutorial.ru, etc)
- Torpig (JS/Sinowal-G, Mal/ObfJS-AG, HTML:IFrame-KU [Trj], Trojan-Downloader.JS.Twetti, VirTool:JS/Obfuscator.M)
- OpenX Banner Page Hack (domains: newspickerdot.com, newtickepicker.com, alphapopup.com, betapopup.com, ads.is, elnkvdgtbui.com, liveinternit.com, worldwesttrans.com, liveinterneta.info)
- 4ura.us script (JS:Illredir-AE, Troj/Iframe-EA)
- Waledac (HTML:IFrame-KP [Trj]) (domains: joycerer.com, apomith.com, tabatti.com)
- x-unic.com script (additional domain: zone-line.com)
- spywareshop.info .htaccess redirect
Price:
150.00 USD for a basic website; contact us for details about discounted rates for multiple websites. We offer specialized service for WordPress blogs, Joomla websites, Drupal websites, Moodle websites, phpBB forums, Magento stores, and Zen Cart stores that have been hacked. For websites built on other content management system (CMS), blog, forum, cart, or gallery applications, please contact us about availability of service and pricing. Payment is due after the malware has been removed, and we accept payment by credit card, debit card, eCheck, or PayPal in a number of currencies.