How to Remove and Clean HTML/Framer Virus?

Yesterday, I got a Trojan/Virus alert message from my Avast Antivirus when opening one of my Education niche blog homepage.

It shows that the effected object was stored as a HTML files in my hosted web server. I goggled for the solution and figured out that the HTML/Framer virus inject some malicious code in the HTML file. This sounds quite similar with Gumblar virus which have attacked all my company’s web servers and almost all HTML file was infected and I have to manually remove and clean the file one by one manually.

It takes me a while before I found and felt in love with Notepad++. In this tutorial, I will show you how to remove and clean HTML/Framer virus by manually delete all malicious code.

1. Download and Scan your Web Files

Firstly, you must scan all your web file to search for location of the infected HTML file.

2. Search for Malicious or Strange Codes

If you are using WordPress, you can check index.php first. Manually go through your code in index.php and search for any malicous or strange code.

3. Delete all Malicious Code

After you found the malicious code. Use Notepad++ to cut and replace the code with empty string by following these steps.

Select all your files, Right-click and choose Edit with Notepad++.

Copy the malicious code and paste into Find What field. Leave Replace With fields as blank.

Click Replace All in All Opened Document.

You are done! Double check and verify by searching for the malicious code again.

Conclusion

Not sure how the files affected with this HTML/Framer virus.

After cleaning those malicious code, it is advisable for us to run a full security health scan to the web server.

It is important to ensure that there is no backdoor is setup in our web server.