How to Remove and Clean HTML/Framer Virus?

Yesterday, I got a Trojan/Virus alert message from my Avast Antivirus when opening one of my Education niche blog homepage. It shows that the effected object was stored as a HTML files in my hosted web server. I goggled for the solution and figured out that the HTML/Framer virus inject some malicious code in the HTML file.

This sounds quite similar with Gumblar virus which have attacked all my company’s web servers and almost all HTML file was infected and I have to manually remove and clean the file one by one manually. It takes me a while before I found and felt in love with Notepad++.

In this tutorial, I will show you how to remove and clean HTML/Framer virus by manually delete all malicious code.

1. Download and Scan your Web Files

Firstly, you must scan all your web file to search for location of the infected HTML file.

Remove and Clean HTML/Framer Virus

2. Search for Malicious or Strange Codes

If you are using WordPress, you can check index.php first. Manually go through your code in index.php and search for any malicous or strange code.

Remove and Clean HTML/Framer Virus

3. Delete all Malicious Code

After you found the malicious code. Use Notepad++ to cut and replace the code with empty string by following these steps.

Select all your files, Right-click and choose Edit with Notepad++.

Remove and Clean HTML/Framer Virus

Copy the malicious code and paste into Find What field. Leave Replace With fields as blank.

Remove and Clean HTML/Framer Virus

Click Replace All in All Opened Document.

Remove and Clean HTML/Framer Virus

You are done! Double check and verify by searching for the malicious code again.

6 thoughts on “How to Remove and Clean HTML/Framer Virus?

  1. Aaron

    Great tutorial on the removal of this junk and props for using Notepad++ , my new favorite editor when I don’t need a full out IDE for making small changes. It’s good to note that almost all of these frame viruses spread via sniffed FTP accounts from malware on the author’s PC.

    I’d suggest everyone use SFTP to connect so your FTP account information cannot be retrieved using this simple method.

    Just my 2 cents, and hope it helps.

  2. Cari Post author

    For security we can clear all cache information stored after FTP but using Secured FTP is a better solution. Thanks for the tips Aaron.

  3. Pingback: Html Framer Virus On Twitter | Broadcasting News

Leave a Reply

Your email address will not be published. Required fields are marked *