Redirect malware is now a major headache for website owners. Learning how to remove redirect malware is not a job for the faint-hearted. It often involves getting up close and personal with files and databases. Here is what you need to know.

How to Remove Redirect Virus

The basic process to remove redirect malware is to scan your site, back up everything, then either cleanse your website or do a fresh install of it, and finally check all administrator accounts and change their passwords. Once this is all complete, you can relaunch your site and submit it for review.

Scan your site for malware

If you suspect any sort of cyberattack on your website, then your first step should be to inform your host that you’re aware of it and are dealing with it. Your second step should be to sign up for a website vulnerability scanner and have it scan your website.

Different products will have different features but any decent website vulnerability scanner will have an anti-malware scanner. Let this do its work and follow all recommendations.

Back up everything

Even if you already have a backup (or multiple backups) of your website, back it up again just to be on the safe side. Make a point of backing up anything which was created specifically for your website. This could be anything from text content and images to any custom third-party extensions you use. It’s particularly important to back up custom images as they can very easily get lost if you wind up having to do a complete reinstall.

Cleanse your website

Cleansing your website of redirect malware can be a long and painful job. It takes both skill and confidence. If you feel you’re not up to it, then the safest option is either to call in a professional or do a fresh install.

Check your site’s theme files

Look for JavaScript entries, especially those in the header. If you don’t see anything unusual in the header, scan the page and see if there is code that doesn’t have any explanatory text beside it. This could well be your malicious script.

Check your database

Hackers love attacking databases with redirect malware as this allows them to apply redirects to all of the posts/pages on your site. If you’re confident manipulating SQL, then the quickest approach is generally to download the posts as a text file, use a SQL management tool to clean it up, and then re-upload the cleaned posts to the database.

If you’re not that keen on SQL manipulation, you could still try using a database tool such as phpMyAdmin so that you can edit multiple pages/posts at the same time. Your final option is to do your cleanup through your content management system interface (e.g. WordPress post editing). This will get you there in the end, but you’ll be editing each page or post one by one, so it will probably take you a while.

Check/delete widgets

If you’ve come this far and still haven’t found all the redirects then your next step is to check the widgets on your site. Alternatively, just delete them and reinstall the ones you feel you need/want.

Check for JavaScript within JavaScript

If you already have JavaScript files on your site then a hacker may have used them as cover for redirect code. The bad news is that the JavaScript is often obfuscated to hide the URL to which visitors are redirected. This makes it harder to find. The good news is that once you do find it, you’ll probably find that it’s repeated in exactly the same way across your files and hence is fairly easy to remove.

Check the .htaccess file

If you’ve come this far and have not eliminated the redirects, then there are really only two options left, and one of them is the .htaccess file. This is basically the brain of your website and as such needs to be handled with the utmost care. If you are not 100% confident in your skills, then stop right now and either call in a professional or reinstall your site from scratch, because breaking this file can turn a painful experience into a horrendous one.
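The file checks described above (theme files, exported posts, JavaScript and the .htaccess file) can be triaged with a small read-only scanner before anything is edited by hand. The following is an added example, not code from the original article or from any vendor tool; the rule names, the sample files and the hostname www.shop.example are assumptions made up for the illustration, and the patterns are heuristics that point at lines to review rather than a complete signature set.

```python
import re

# Heuristic indicators chosen for this example; extend them for your own site.
CODE_RULES = {
    "dynamic-eval": re.compile(r"\b(?:eval|Function)\s*\("),
    "string-decoder": re.compile(r"\b(?:atob|unescape)\s*\(|String\.fromCharCode"),
    "location-change": re.compile(r"\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\("),
    "encoded-blob": re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}|(?:%[0-9a-fA-F]{2}){8,}"),
}
# Absolute URLs in the two places that send a browser somewhere else.
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>:]+)", re.I)
HT_TARGET = re.compile(r"^\s*(?:RewriteRule|Redirect(?:Match)?)\b.*?https?://([^/\s:%]+)", re.I)

def scan_text(name, text, own_hosts):
    """Return (line_no, rule, detail) tuples for lines that need a manual look."""
    is_htaccess = name.endswith(".htaccess")
    rules = {} if is_htaccess else CODE_RULES
    url_rx = HT_TARGET if is_htaccess else SCRIPT_SRC
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for rule, rx in rules.items():
            if rx.search(line):
                findings.append((no, rule, line.strip()[:100]))
        for host in url_rx.findall(line):
            if host.lower() not in own_hosts:  # same-site URLs are expected
                findings.append((no, "offsite-url", host.lower()))
    return findings

# Constructed samples: a theme header, one row of a posts export, an .htaccess file.
SAMPLES = {
    "header.php": '<script src="/wp-includes/js/jquery.js"></script>\n'
                  '<script>eval(String.fromCharCode(97,98,99));</script>\n',
    "posts.sql": "INSERT INTO wp_posts VALUES (1,'Hi<script src=\"https://cdn.unknown.example/a.js\"></script>');\n",
    ".htaccess": "RewriteEngine On\n"
                 "RewriteCond %{HTTPS} off\n"
                 "RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]\n"
                 "Redirect 302 /sale https://www.shop.example/offers\n"
                 "RewriteRule ^ https://landing.unknown.example/ [L,R=302]\n",
}
OWN_HOSTS = {"www.shop.example"}  # assumption: the site's own hostname(s)

def scan_all(samples=SAMPLES, own_hosts=OWN_HOSTS):
    return {name: scan_text(name, text, own_hosts) for name, text in samples.items()}

if __name__ == "__main__":
    for name, hits in scan_all().items():
        for no, rule, detail in hits:
            print(f"{name}:{no}: {rule}: {detail}")
```

Run it against copies taken from your backup rather than the live files, and treat every hit as a line to read, not as proof of infection.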

Check your ad networks

If you’ve tried everything else and you still keep getting redirects, then the problem may actually lie outside your website. Ad networks are supposed to vet adverts before they are displayed but they don’t necessarily do a very thorough job of it, hence malvertising. Try disabling your ad networks and seeing if this solves the problem.

© 2024 Comodo Security Solutions, Inc