Selecting the Right Malware Cleanup Service

How to find a trustworthy Malware Cleanup Service?

Selecting the Right Malware Cleanup Service

Did you know that WordPress now commands 35% of the internet. Did you know WordPress vulnerabilities were up 30 percent since 2017, and they continue to dominate in terms of the number of vulnerabilities published in the CMS category? And did you know everywhere from Fiverr to UpWork, freelancers or WordPress Security “Experts” are offering malware removal service starting from $5.

This combination makes it almost impossible to hire a quality security service to fix the hacked site, clean the infection and secure your WordPress site. 90% of the time, the site ends up getting reinfected again. Do you know why? Here’s how:

Malware Cleanup Services: The Real-World Scenario

A number of months ago we received an inquiry from a very nice lady named Kathy. She had hired an in-house web-developer for cost-effectiveness. One day a website visitor reported that her website was redirecting them to some external site selling Via**a.

Strange and quite difficult to believe the first time. But then another website visitor reported that they search up her website in Google and all the results came up about Via**a. Lo and behold… the next thing is she gets a warning from Google Search Console “Google has detected harmful content on some of your site’s pages.”

Another visitor reported seeing:

website infected by malware

Yikes! Well we replied and responded. However, nothing much happened beyond a few email messages.

Kathy hired someone with better pricing. How do we know? Read on…

The Real Showstopper in Malware Incidents

A week later Kathy replies to our mail:

Now you may be wondering “Whaaaat?”. But not really done just yet. She gets another one, this time from Google Ads Team.


Evidently her Google Ad campaign has been blocked by the ad review team. But only after she has already spent lots of cash in the last few days driving traffic to her site… only to be redirected to Via**a sellers.

Here’s What Has Happened so Far in This Malware Incident

  1. Kathy’s website got infected.
  2. Kathy hired a cheap freelance security “expert” to fix the malware infection.
  3. Kathy’s website got reinfected within a week.
  4. Kathy’s web-host had blocked access to her website.
  5. Kathy was spending around $150 per day on Google Ads.
  6. All ad-spend for the last several days went to the dogs.
  7. Kathy’s ad-campaign has been blocked by Google. Who want’s to send genuine buyers to some site selling Via**a!
  8. Kathy has already spent in a malware cleanup from a freelancer.
  9. Kathy’s trust has broken. She has lost money on the failed malware cleanup. Kathy is now wary of hiring anyone. Kathy is not certain if her site can even be fixed at all.
  10. Kathy still loves her site, her clients and she wants to recover what’s possible.

The Frustration of Searching a Trustworthy Malware Cleanup Service

I realized how frustrating it must be for real people (non WordPress people) to sift through coders and locate the right type of specialist for their requirements. After all, real people don’t speak code so they probably have a really hard time telling one expert from the other.

To make matters worse, real people can’t always judge the magnitude of security incidents because these incidents don’t happen everyday. But when they do happen, all hell breaks loose. What seems simple in concept might be really difficult to fix. It is always doable, but sometimes there isn’t an easy option to recover a website. It requires a proper web-security expert to deliver.

My heart goes out to these folks, because the level of frustration they must feel at times has to be high. It’s the negative part of the web-ecosystem.

The Variation in Malware Removal Service Providers

Below is a simple overview of malware cleanup service providers and a breakout of different types of them.

It includes websites like Fiverr and UpWork, even though I don’t believe in this approach. We’ve fixed a lot of websites that were cleaned for $5 all the way to $300+. So it’s surprising to see that oftentimes it’s not the pricing but the expertise and experience that delivers. The pricing variation is there by the virtue of who has the most visibility.

The Self-Learned Infection Fixer

There’s nothing wrong with being a self-learned expert. Truth is that all the professionals started somewhere. While some may come from an academic information-security background, some of the brightest and smartest hackers out there are self-learners. However in this special case the chances are high that they don’t know what they are doing. Most of the times you’ll come across individuals who have been tinkering with web-development and know their way around stuff; enough to make it or fake it. They take malware cleanups as side-gigs or when they need work. Be wary of these. There’s no guarantee that your money is being spent on the right service provider.

The IT Expert

Information technology experts are somewhat more qualified. However we need to make a clear distinction here: every Chinese is not Bruce Lee and every IT computer guy is not an information security expert. Most of the times they end up wiping the site clean and reinstalling everything from scratch; much like they do to PCs that have a software problem — Oh that one’s got a virus; need to format the system. Really?

The Web-Sec / Info-Sec Expert

These really are the specialists here. They know the tools of the trade, have years of experience under their hat and watch malware evolve everyday right under their noses. These are whom you want because your website is in safe hands with them. They work diligently to detect the malware, cleanup the infection, perform RCA (Root Cause Analysis) and harden / secure the site.

The Researcher / Enthusiasts / Nerd

The researcher is a more seasoned and experienced specialist. These are the ones who give hackers a tough time. I have one of my good friends narrate me an incident when he messed up with them. He created fake versions of each process the web-host were running inside their .cagefs version. So /home/user/.cagefs/usr/local/bin/perl was really a shell script outputing the commands and command line parameters to a log file. So the hackers (bad guys) saw it being a local perl in /usr/local/bin/perl. The bad-guy kept dong "which perl" "env perl" "perl -v" etc in the end trying to find out why it didn’t work. If he did cat perl he’d seen it was a bash script. Cool way to own the hackers.

The Web-Sec Agencies

There a wide range here. From GoDaddy who recently acquired Sucuri all the way to web-hosts selling SiteLock (if that matters) and to Wordfence and several other. The biggest challenge with the them is that they cost an arm and a leg but the specialist who does the job could be anywhere from a trainee web-security expert to a more seasoned one. The only guarantee is that after you shell out the amount, there is a certain assurance of quality control and service. The job will be done and they’ll shake a leg or two for you because you paid for it.

That said, we hear of hackers bypassing Wordfence firewall all the time and Sucuri, Quterra and Wordfence missing malware. The underlying message is that it happens to the best. And at Malcure Web Security this is precisely the challenge we solve. When bad guys get smarter, we one-up the game and ensure that we stay ahead.

The Right Budget for the Right Infection Cleanup Service

If you’ve read through the above list, you might still be wondering which one is right for you. In many cases, it comes down to solving the pain point.

The web-sec / info-sec expert is the one who will deliver and close the case. However a researcher / hacker (not the bad ones; the good guys also call themselves hackers) will certainly deliver a sure-shot resolution in all cases.

When we developed Malcure malware scanner plugin, all our years of expertise went into researching a solution that would not only be efficient and effective but also user-friendly so that the end-users have a chance to see for themselves and assess their website.

Hire a more qualified expert and clearly it becomes case of diminishing returns. You start paying up for bells and whistles rather than the solution.

The key is to balance what is needed with what you realistically must spend. And in the end you might need to read between the lines to find out the middle path without throwing away money on the unreliable ones or if you are spending too much just because you are going after brand-value.

The Bottom Line

  1. At Malcure Web Security, we develop software tools that are used by end-users and agencies alike. These software tools deliver security and detection based on the latest and regularly updated malware signatures (even as they continually evolve) and heuristics — a hybrid approach for high-precision detection without raising false-flags.
  2. Not all malware incidents are alike. They range from a database infection to file infection or OS level breach or a mix of any of these (for instance a hybrid file + database malware infection). When you hire professionals, you know this is the best use of your money for this purpose.

Once Kathy realized what was happening, she filed a malware clean up ticket with our service desk.

A Service Desk?

Think of malware incidents as analogous to real-life accidents (the bigger kinds). If there’s an eventuality in a metro, you need an incident response team, a coordination center and all that.

In general, a service desk manages incidents (service disruptions) and service requests (routine service related tasks) along with handling user communications for things like outages and planned changes to services.

At Malcure Web Security our established protocols and processes provide the safety-net for attending to malware incidents in time and efficiently with our expertise working with thousands of customers and developing cutting-edge security solutions.

Our service desk follows IT Service Management best practices. This means there’s an SLA to every incident, customer communication and service request. Service quality parameters are closely monitored as is First-Time-Resolution and various other metrics. All this to give you — our valued clients a permanent solution and peace-of-mind.

Kathy’s request was acknowledged promptly and work begun in no time. At the end of 4 hours, Kathy’s site was restored to pristine condition with zero data-loss. Not only was there no recurrence but Kathy was happy she finally could get on with her business like nothing happened.

Finally Nice to Hear from Kathy

Here’s what Kathy had to say after she reclaimed her website:

I reached out to Malcure after I tried another web-security expert but my site got reinfected. Malcure was not only able to restore my site in time, they also helped me communicate with Google Ads Team to get my ad-campaign back up and running. There’s been no recurrence since. My development team aren’t experts in malware removal. Malcure are the experts in this area, totally trustworthy!


When you hire cheap security service providers, it eventually turns out to be an expensive affair. It damages your brand reputation, kills SEO efforts, bans ad-campaigns, websites, web-hosting and what not. It has a domino effect on bottom line revenues and it takes weeks and months to re-establish the SEO ranks and to regain visitor trust.

A stitch in time saves nine. So is the case with choosing a right service provider for the job — a right malware cleanup service for fixing the hacked site!

See Also:

This article is written by Evelyn Allison. Evelyn has over two decades of experience with the big-tech corporate giants. Starting in 2002 with consumer IT remote support, he transitioned into IT enterprise support and systems provisioning for Windows and Linux servers. Her prowess spans her expertise in network security, security audit and scripting-based-automation. Actively involved in web security since 2017, Evelyn has worked with various technologies to secure the web, leveraging tech like Nginx, modsecurity, reverse-proxies, developing web-application-firewalls, on-the-fly asset optimization using Google’s PageSpeed Module and more. Her expertise is reflected in the top-tier plugins and comprehensive consulting-services she offers in the domain of web-security.