Recently my machine was struck by malware. The difference between malware and a virus is that malware is more hidden, harder to detect and a privacy killer. Malware often cannot be detected by ordinary antivirus.

The Start: How it all happened
There might be two ways in which the malware could have infected my machine.
  1. I opened an email from a trusted source: normally we are told to open email from trusted sources only. But what if even the trusted source has a virus? In this case an email attachment (a Word doc) might have brought the malware to my computer.
  2. Local installation of WordPress

I like to play around with WordPress a little. Because of this I have a lot of inactive plugins lying in my local WordPress installation. A few of those plugins use a file known as Timthumb.php. This file is used to create smaller versions of the images stored in your WordPress blog. The problem is that Timthumb has problematic code which, if not corrected, lets hackers use it to plant malicious code in your WordPress installation.

I normally keep my antivirus updated and running. However, when malware infects your system it deletes the antivirus. Only then will you know that your computer is infected. There is no other way to find out whether anything is lurking in your system.
What happened next?
I noticed that my browser was forwarding any query I made to Google to another server. I checked on the Google help forum. It was a redirection virus. I thought it would be easy to eliminate, but the antivirus could not catch it at all.
Soon the malware decided to strike back.
Once the malware made itself visible, it planted itself in the rootkit of Windows. Rootkit is defined as the place where all the Windows system files are located. The malware attacked AFD.SYS first and put a lock on it.
I ran the antivirus on the system, only to discover that the antivirus had been deleted too. I tried to install another antivirus but could not. The malware was not allowing me to install any antivirus. Panicked, I started looking for malware removal software. The first one was Malwarebytes. In a moment it found where the malware was. But before it could do anything, the malware deleted Malwarebytes too. Can you imagine that?
I did not know this, but the famous FTP program FileZilla stores all the passwords of the website in a plain text file. This file was read by the malware, and it executed FTP commands to infect my websites. Soon I started getting corrupt JavaScript code at the bottom of my website. This is a big problem, as it places spammy links on the site which can lead to a penalty by Google.
I did not know what to do. I tried Windows safe mode and then tried installing the antivirus, but it did not work. I took a backup of the system, only to find that the backup had also got the malware now.
It was like a Terminator attack. I had to regain my system and data and save my website, which had started appearing on antivirus warning radars.
I contacted my hosting company and they said that it could be some kind of false positive. Nevertheless, I asked them to run a scan. I started my own investigation. I found that each index.php was infected with a script that reads data from a server and inserts it at the bottom of the web page. I first cleaned up all the index.php files. There was a script file added too, which my hosting company removed. In the end the problem was gone, at least for the websites.
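The cleanup above depended on finding every index.php that carried the appended script. The following is an added example, not the author's own tooling or anything from the WordPress project: a small scanner that walks a site tree and flags generic signs of this kind of injection (obfuscated eval chains, remote script tags, hidden iframes, remote fetches, and any content trailing the final PHP close tag). It goes slightly beyond the single appended script the post describes by checking several patterns at once. The two file contents below are constructed for the demo, not taken from the author's site, and the hypothetical remote host uses the reserved `.invalid` domain.

```python
"""Flag index.php files that look like they carry injected code.
Added example with constructed sample files; heuristics are generic."""
from __future__ import annotations
import os
import re
import tempfile

# Each heuristic is deliberately broad: an infected file usually shows
# several of these at once, while a stock WordPress index.php shows none.
SUSPICIOUS = [
    ("eval-obfuscation",
     re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
    ("remote-script-tag",
     re.compile(r"<script[^>]+src\s*=\s*[\"']https?://", re.I)),
    ("hidden-iframe",
     re.compile(r"<iframe[^>]*(display\s*:\s*none|width\s*=\s*[\"']?0)", re.I)),
    ("remote-fetch",
     re.compile(r"(file_get_contents|curl_init|fopen)\s*\(\s*[\"']https?://", re.I)),
]


def find_injections(text: str) -> list[str]:
    """Return the names of every heuristic that fires on one file's contents."""
    hits = [name for name, rx in SUSPICIOUS if rx.search(text)]
    # Anything other than whitespace after the last '?>' is a red flag:
    # the appended payload the post describes lands exactly there.
    tail = text.rsplit("?>", 1)
    if len(tail) == 2 and tail[1].strip():
        hits.append("content-after-close-tag")
    return hits


def scan_tree(root: str, names: tuple[str, ...] = ("index.php",)) -> dict[str, list[str]]:
    """Walk root and report each matching file with at least one hit.
    Keys are paths relative to root, always with forward slashes."""
    report: dict[str, list[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn not in names:
                continue
            path = os.path.join(dirpath, fn)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_injections(fh.read())
            if hits:
                report[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return report


# Constructed samples: a stock-looking index.php and an infected copy.
# The base64 payload decodes to the harmless string "hello".
CLEAN_INDEX = (
    "<?php\n"
    "define('WP_USE_THEMES', true);\n"
    "require __DIR__ . '/wp-blog-header.php';\n"
    "?>\n"
)
INFECTED_INDEX = (
    CLEAN_INDEX
    + "<?php eval(base64_decode('aGVsbG8=')); ?>\n"
    + "<script src=\"http://example.invalid/x.js\"></script>\n"
)


def demo() -> dict[str, list[str]]:
    """Build a tiny constructed site tree (clean root, infected sub-blog) and scan it."""
    root = tempfile.mkdtemp(prefix="wp-scan-")
    os.makedirs(os.path.join(root, "blog"))
    with open(os.path.join(root, "index.php"), "w", encoding="utf-8") as fh:
        fh.write(CLEAN_INDEX)
    with open(os.path.join(root, "blog", "index.php"), "w", encoding="utf-8") as fh:
        fh.write(INFECTED_INDEX)
    return scan_tree(root)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(f"{path}: {', '.join(hits)}")
```

Run it against a real document root by calling `scan_tree("/path/to/site")`; a hit is a reason to diff the file against a pristine copy of WordPress, not proof of infection on its own, since the patterns are intentionally loose.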
Now it was my machine's turn. I downloaded Hitman Pro, which was able to isolate the virus. The only problem was that it was lodged in the rootkit. I was getting bored of cleaning it up and decided to delete the afd.sys file. Next, all I could see was that there was no internet connection while the virus still remained. It took me eight hours to recover from the problem, but I had lost the internet connection completely. I was not without a backup, but it was infected too.
Slowly, I moved each of the files into the backup. I connected the backup disc to another machine and scanned it. Fortunately there was only a virus and no malware on the backup disc. I immediately copied the contents of the backup disc to my machine.
Having made my backup safe, I decided to reinstall the system. I had a few pieces of software. I downloaded a program from the internet to discover their keys. I had the original mails from the software companies from whom I had purchased the software. Once I knew it was good to go, I used my recovery disc to reinstall the computer.
I rescanned everything and then copied the files back onto the machine. To date I have not had any problem with viruses.
For the website, I made changes to Timthumb.php to make it secure and deleted all unused plugins and themes.
For my local installation too, I repeated the same thing.
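The post does not say which changes were made to Timthumb.php, so the following is an added illustration of the hardening a thumbnail script of that kind needs, written in Python for the demo rather than PHP and not taken from the author's edits or from the TimThumb project: the image reference supplied by the request must name an existing image inside the site's own uploads directory, and remote URLs, directory traversal and non-image extensions are refused instead of fetched or resized. The directory layout and request strings are constructed, and the remote host uses the reserved `.invalid` domain.

```python
"""Confine a thumbnail request's src parameter to the local uploads tree.
Added example; the fixture layout and request strings are constructed."""
from __future__ import annotations
import os
import tempfile
from urllib.parse import urlsplit

ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}


def resolve_image(src: str, uploads_root: str) -> str | None:
    """Map a request's src value to a file under uploads_root.
    Returns the absolute path, or None when the request must be refused."""
    try:
        parts = urlsplit(src)
        if parts.scheme or parts.netloc:
            return None                     # never fetch remote content
        rel = parts.path.lstrip("/")
        root = os.path.realpath(uploads_root)
        # realpath collapses '..' and follows symlinks, so a prefix check on
        # the resolved path is what actually confines us to uploads_root.
        candidate = os.path.realpath(os.path.join(root, rel))
        if os.path.commonpath([root, candidate]) != root:
            return None                     # traversal out of the tree
        if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXT:
            return None                     # not an image we resize
        if not os.path.isfile(candidate):
            return None
        return candidate
    except (ValueError, OSError):
        # embedded null bytes, mixed drives on Windows, unreadable paths
        return None


def build_fixture() -> str:
    """Constructed layout: <site>/wp-config.php beside <site>/uploads/2011/photo.jpg."""
    site = tempfile.mkdtemp(prefix="wp-site-")
    uploads = os.path.join(site, "uploads")
    os.makedirs(os.path.join(uploads, "2011"))
    with open(os.path.join(site, "wp-config.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php /* constructed stand-in for a sensitive file */ ?>")
    with open(os.path.join(uploads, "2011", "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff")           # JPEG magic bytes suffice here
    return uploads


# Constructed requests a thumbnail script might receive.
REQUESTS = [
    "2011/photo.jpg",                       # legitimate local image
    "/2011/photo.jpg",                      # leading slash, still local
    "http://example.invalid/photo.jpg",     # remote fetch: refused
    "//example.invalid/photo.jpg",          # scheme-relative remote: refused
    "../wp-config.php",                     # traversal out of uploads: refused
    "2011/../../wp-config.php",             # traversal via a valid prefix: refused
    "2011/photo.jpg\x00.php",               # null-byte trick: refused
]


def demo() -> dict[str, bool]:
    """Return, for each constructed request, whether it would be served."""
    uploads = build_fixture()
    return {req: resolve_image(req, uploads) is not None for req in REQUESTS}


if __name__ == "__main__":
    for req, ok in demo().items():
        print(f"{'serve ' if ok else 'refuse'}  {req!r}")
```

The design choice worth noting is that the check is done on the resolved path, not on the string the client sent: string filters are what traversal and encoding tricks are built to slip past, whereas `realpath` plus a prefix comparison decides on where the file actually is.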
Learnings:
  1. Keep a good backup always.
  2. Keep the keys of purchased software.
  3. You might not be able to recover your machine if the rootkit is infected.
  4. Before copying your data to another machine do a full scan.
  5. Keep Virus definitions updated.
  6. Invest in a good anti-malware software.
  7. Delete unnecessary plugins/themes from your WordPress directory.
  8. Do not store your passwords in FileZilla.
  9. Keep the firewall running.
  10. Try to change the password frequently.

———————————————————————————————————————————-
Ashvini Kumar Saxena is an entrepreneur, blogger and WordPress lover. He writes on entrepreneurship, leadership and motivation. You can find some really good articles on entrepreneurship at his site http://aks-blog.com