1. Home
  2. Docs
  3. Malware Removal

Malware Removal

Malware remediation is a core funciton of what Sucuri offers under it’s Website AntiVirus product line. To initiate the security response associated with your plan, you will need to submit at ticket so that our analysts can take appropriate actions.

It’s important that every ticket submitted is associated with a domain on your account as it’s how we track and account for customer plans.

How to initiate a Malware Removal request?

Please open a malware removal request ticket. This option is made available when you first subscribe to the service, and readily available via your Support Dashboard:


This will take you to the Malware Removal form:


Be sure to select the domain you are interested in. This domain should be the domain that is having the issue. It should be the domain in your monitoring dashboard, and will be the domain that the analysts inquire about.

There will be a few key elements we require to start the process:

I’m having trouble with: This item will allow you to give us more information about the issues you are experiencing with your website. Our analysts will receive that intel and make sure to address all the items selected.

Connection Type: This tells us how to connect with your server. The preferred and most secure methods are SFTP or SSH, but we do allow for FTP connections and cPanel credentials if you are unsure about (FTP/SFTP/SSH).

FTP stands for "File transfer Protocol" and SFTP for "Secure File Transfer Protocol". This is a connection mechanism used to log into servers to edit/add/remove files. We need this to log into your site and begin the cleanup process. If you do not know where to find your FTP/SFTP information, please contact your hosting provider.

This information can be found in hosting accounts support panel, and we also provide a section in this KB dedicated to some of the more popular hosting providers: Hosts – FTP Instrucitons. We encourage you to visist this instructional page, but know that our team is able to assist if required.

If you do know know the connection type, please select the Other / Don’t Know option in the connect type drop down and provide us with access to your Hosts Administration Panel (cPanel, WHM, etc).

Note: This is not your CMS administration panel (i.e., WordPress / Joomla! admin), this is the account you use to log into your host: GoDaddy, HostCow, SiteGround, etc..

Once everything has been filled out, just click on “submit request” and you’re all done!

After we receive your ticket we will have your site cleaned within the next few hours. You will receive an email if we need clarification, or once we have an update on your case. If you have questions, please update the ticket.

FTP/SFTP host: This is the name of the server that we will need to connect to.

Username: The username we should use to log into the server via the connection type identified above.

Password: The password associated witht he username associated with the server that we need to log into.

Connection Port: Depending on your server, you might have different port configurations we need to use. By Default, we’ll try port 21 for FTP and 22 for SFTP. If you have a unique configuration, we encourage you to add it here so that we can quicly connect. This is optional, but worth thinking through.

Site Directory: Depending on your host, you might have multiple directories under one hosting account, all associated with different domains. It’s important you identify the full path of whichever domain expeirencing the problem. Not doing so early could introduce delays to the process. Optional, but highly encourage if you have a lot of sites on your hosting account.

We are traditionally very fast to respond, but some of the biggest delays come from bad credentials. It’s important you work with your Developer / Hosting provider to understand the details of how to connect to your server. If Sucuri agents cannot connect, or gain access to the environment, they’ll be unable to perform their jobs. The biggest delays we experience are often attributed to bad credentials, so please verify.

Was this article helpful to you?