General Information ID : INFO1699
Malicious code can be added to your Web pages or embedded in your Web server or database. This article will provide guidelines for removing malware that has been identified by GeoTrust's malware scan.
As a GeoTrust Trust Seal customer, you benefit from GeoTrust malware scans. We scan your Web site daily for malicious code. This code is targeting your Web site visitors' (end-users') Personal Computers (PCs) with a type of malware called Drive-by Downloads.
If malware is found on any page within your Web site you will receive an email notification that your Trust Seal has been turned off and the details of the malware found will be displayed on the Malware tab of your GeoTrust User Portal. If you have not already done so, sign in to your GeoTrust Trust Center account to see if malware has been found on your Web site.
How does GeoTrust determine if there is malicious code on my Web site?
GeoTrust's malware scan follows the malicious code back to its source and identifies pages that are actively delivering malware to your end users' PCs. This means that if a Web page on your Web site is identified to have malicious code, your Web site visitors are receiving malware on their PCs.
How do I remove malicious code from my Web site?
The method to remove the malware from your Web site depends on whether the malware is on your Web pages or injected into your database. Below are some general guidelines for removing the malicious code. If you are not familiar with how to maintain your Web pages or database, consult an IT professional or contact GeoTrust Technical Support at https://www.geotrust.com/support/chat/tech-support.html for further assistance.
When your Web site is infected with malware, it is very likely that one of the following has occurred:
Replace infected pages with a clean backed-up version: If you back up your Web pages regularly, and you believe you have a clean version of the Web pages, you can always replace your infected Web pages with the clean backed up version.
Remove malicious code from infected Web pages manually: If you do not have a clean backup of your Web pages, then you can remove the malicious code from the infected Web pages. Do the following:
Remove malicious code from your database: If the same malicious code appears on multiple pages or you previously removed malicious code from your site and it reappears, then the malicious code most likely is residing in your database. To remove malicious code from your database:
Ensure that all instances of malware are removed from your site: If malicious code is found on your site, there is an increased likelihood that additional hidden instances exist on your Web pages that are not actively delivering malware to your end users' PCs. As a best practice, we highly recommend that you review your Web pages for any iframes that point to sites that you do not recognize or that appear suspicious to you.
Where do I see what malicious code was found on my Web site?
I have removed the malicious code from my site. What do I do next?
Note: Clicking on the attachment below will open a new browser window.