Malware not only can infect your computer but your website itself, and it can happen to the best of us. If this happens to you and your website becomes infected with malware, then search engines like Google will flag it and warn anyone who finds and clicks on your site in its search engine of the malware issue before they access your site. In case you couldn’t guess, this absolutely KILLS your traffic and can even cause your ranking to drop. If you find that your site has fallen victim to it, here’s how to remove malware from your site.
First, do a full virus/malware scan of the computer which you use to interact with your website. It’s possible that a problem here can spread to the files which you upload to your site and contaminate your site in full from there. I specifically use a free program called Malwarebytes for this.
From there, go ahead and delete the files on your server in full. MySQL files are generally alright to keep intact because they are kept on a different server, but if you have a backup then by all means clear that, as well.
Next, change your FTP passwords for your site and update any files/scripts to the latest versions as hackers oftentimes go after webmasters who use outdated versions which are known for their exposed vulnerabilities.
Check the malware warning from Google itself to see which specific files may have been affected. Once you know that you can go ahead and reupload any files assuming the scanner didn’t find any problems on your files.
Finally, using Google’s webmaster tools you can file a “malware review request” to get Google to come in and do another sweep of your site to ensure that you are now malware free so that your site can go ahead and be unflagged and stop scaring off visitors.
For more information on this, check out Google’s Webmaster Central which has a section for learning how to recover from a malware infection.