Ask a Question

Advanced Search

Alert ID : INFO1269

Last Modified : 05/31/2018

How to Remove Malware from Your Website


Malicious code can be added to your web pages or embedded in your web server or database. This article provides guidelines for removing malware.

As a Norton Secured Seal customer, you benefit from malware checking. We check a trusted blacklist of malicious or suspected websites and let you know by email and in the console if your site was identified as hosting malware.websitewebsite

How do I remove malicious code from my website?

The method to remove the malware from your website depends on whether the malware is on your web pages or injected into your database. Below are some general guidelines for removing the malicious code. If you are not familiar with how to update your web pages or database, consult an IT professional for further assistance.

When your website is infected with malware, it is likely that one of the following has occurred:

  • The password to your Web server is compromised. Change your password immediately to prevent future malware attacks.

  • There is a vulnerability in your database. Vulnerability assessment and remediation is recommended to prevent future injections of malicious code.

  • An advertisement served to your site is delivering malicious code. Contact the ad provider and ask them to validate that the ads they are serving are free of malware.

Replace infected pages with a clean backed-up version:
 If you back up your web pages regularly, and you believe you have a clean version of the web pages, you can always replace your infected web pages with the clean backup.


Remove malicious code from infected Web pages manually: If you do not have a clean backup of your web pages, then manually remove the malicious code from infected web pages. Check with your website developers and server admins to identify and remove the malware from your website.


Remove malicious code from your database: If the same malicious code appears on multiple pages or you previously removed malicious code from your site and it reappears, then the malicious code most likely is residing in your database. To remove malicious code from your database, search for the malicious code string in character fields. Once you have found the malicious code string, delete it from your database. If you have web pages that are infected, make sure to remove the malicious code from the pages as well.


Ensure that all instances of malware are removed from your site: If malicious code is found on your site, there is an increased likelihood that additional hidden instances exist on your web pages that are not actively delivering malware to your end users’ PCs. As a best practice, we recommend that you review your web pages for any iframes that point to sites that you do not recognize or that appear suspicious to you.

Other related articles:
iDefense Web Malware 101, section 3.3 Repairing the Damage (see attached file)