• Frequently Asked Questions

  • Can you clean my website if it is already infected with malware?
    Yes, we perform cleanup to already infected websites.
  • Do you provide website protection?
    Yes, Quttera's proprietary Web Application Firewall (WAF) protects against a wide range of attacks and security threats like Cross Site Scripting (XSS), Shell-code, zero-day (0-day) including OWASP Top 10 and many more. Quttera's unique threat detection technology powers WAF traffic filtering rules which are maintained by a dedicated team of seasoned security professionals.
  • If my site has malware and I move the domain to another host, will that fix the problem?
    It depends on the malware infection source. If the infection comes from the web hosting where your website is hosted, moving to a new hosting will fix this issue. However, if the infection comes from e.g. a not patched website vulnerability or the infected files that were copied to the website backup, the malware will migrate to the new hosting as well.
  • Can I use your DNS-WAF if my website is hosted with WP Engine hosting?
    Yes, but you'll need to contact hosting support (Wp Engine Support) and update them that your site is behind reverse proxy server (WAF). Hence, you request to enable interpretation of X-Forwarded-For/True-Client-IP and configure it to accept requests from any IP address.
    For example the following lines should be added to nginx configuration file:

    • set_real_ip_from 0.0.0.0/0;
    • real_ip_header True-Client-IP;
  • Do you offer a one-time cleanup?
    No, we do not provide one-time malware removal. All our plans include unlimited malware removal.
  • Why are your prices much lower than the competition?
    The majority of the competition need to spend money on licensing the 3D party anti-virus/anti-malware software to provide the services. At Quttera, we have developed our own, unique, state of the art malware detection technology that has become a brand in the cybersecurity industry. All of our services are based on our patented engine, and we don't need to pay any other software company.
  • Do you offer a refund?
    Yes, we do offer a full refund in case:
    1. A refund has been filed within 30 days from the purchase day, and no malware removal request is submitted.
    2. We are not able to remove an infection.
  • Can I communicate with the support team via phone?
    We handle all malware removal requests via our ticketing system. You are welcome to contact us on the following numbers if you still would like to speak to one of our representatives:
    US +1 (323) 540-5642
    IL +972 (0) 337-413-04
    Please note that in case we are busy and not able to take your call, please leave a voice message, and we will get back to you as soon as possible.
  • How do you define a website?

    Here at Quttera, we define a website in most cases by a unique fully qualified domain name (FQDN).
    Please note that we have an additional policy to a website definition for sites that use Content Management Systems (CMS) such as WordPress, Drupal, Joomla, and others and treat a website based on unique CMS installation and setup.
    Here are few examples to help you out to learn more about the additional policy:
    A. The following website structure will require a dedicated license:
    mydomain.com directs traffic to mydomain.com/subdirectory
    B. The following website structure doesn't require a dedicated license since we will handle it as part of the main website:
    mydomain.com/blog or mydomain.com/shop
    C. The following website structure will require three licenses for your primary domain and the sub-domains since they will be pointing out to unique CMS installation on your backend:
    mydomain.com, blog.mydomain.com, and shop.mydomain.com
    If you have any additional questions, please do not hesitate to contact us on support@quttera.com

  • Will you clean all the websites within my root account/user?
    Please upgrade your ThreatSign! Plan to cover all the websites under your account/user.
    We will scan all your websites since this is done automatically but malware removal and all the websites auditing won't be initiated, and we won't be able to assist with blacklist removal to other websites until you have the appropriate plan in place.

  • Could you please clean my sub-domains and test websites?
    A license is required for every sub-domain (sub-domain.website.com) and an individual website structure. Please note that we remove/ clean malware from sub-directories (website.com/ sub-domain) located within the main root website. We do not clean/remove malware from other databases outside the main site and do not remove blacklist associated with a sub-domain that is not directly associated with the main website.
  • What additional fees do I need to pay?
    There are no additional fees and no hidden costs. The plan price you see is the price you pay.
    All our prices are listed in USD and the conversion rate will be automatically applied via our third-party e-commerce system.

  • I just signed to a ThreatSign! plan, how do I remove malware from my website?
    Please submit a malware removal request via ThreatSign! Dashboard (at the bottom left corner). Once malware removal request is submitted, a support ticket will be assigned, and all the communication about the malware removal will be done via the support ticket. The ticket number and link are shown at the end of the submission as a confirmation, and it is also emailed to you by our support system automatically.
  • Is there a need to install your application on my website?
    No, the setup is quick, simple and straightforward. Once registration is completed, you will be able to access your account via the dashboard. More details on how to operate your account are available here: ThreatSign! dashboard guide
  • What information do I need to provide to remove malware from my website?
    The malware removal is done by accessing your website's backend such as your website server.
    The access is done via FTP/ SFTP and SSH. Once we have the login details to your site's backend, we will be able to remove malware from your website.
    Please note: if you are not familiar with your FTP/ SFTP and SSH details, please contact our support team, and we will help you out to obtain the details.

  • How do you define unlimited malware removal?
    It is very common for a website to get re-infected due to misconfiguration or security issues. That's why it is important to have both External and Internal security monitoring activated in your ThreatSign account to allow quickly detect, report and fix any malware. In case a problem got detected and reported via the monitoring mechanism or via any other means, our support team will assist in the remediation and cleanup.
    In the case, the reinfection require manual removal of malware, we will notify you and provide recommendations to improve your website security. The unlimited malware removal requests mean that your website will be cleaned up again absolutely free.
    However, this feature is subject to the terms of use that require website owners to follow our recommendations and take actions to avoid re-infection. Please note that if you do not implement or take action to address these, we reserve the right to refuse this service until appropriate actions are taken on your end. This does not constitute a case for a refund.

  • Do you work on a daily basis?
    Yes, we provide support 7 days a week and 24 hours a day.
    Please expect a delay during weekends and holidays as we have limited staff and malware researchers on duty.

  • Do you perform a backup to my website before the malware removal process?
    No, we do not provide backup service. Please note that we do backup any file that we modify and/ or work.
  • Will you damage my website during malware removal?
    The malware removal is automatic as well as manual, and sometimes the malware removal process may corrupt your site. Usually, a website is already broken/ damaged as a result of the infection. Please note that our team includes experts from all the fields so please contact our support team via our ticketing system if you experience an issue with your website once malware removal process is completed.
  • What type of exploits Quttera engine is capable of detecting?
    Quttera capable of detecting JavaScript exploits found in HTML pages, malicious PDF files and exploits hidden in images and other media content.
  • What is a security vulnerability?
    In software, security vulnerability mainly refers to a bug or defect in program/application which allows cyber-criminals to execute malicious code that further downloads and execute malware.
  • How are vulnerability exploits used to propagate malware?
    The initial target of vulnerability exploit is to gain control over CPU of an attacked computer and further open a communication channel with the attacker (or dedicated server). In the majority of the cases, such connection is then used to download and execute malicious software on the invaded system.
  • Web Investigation System. Why investigation of URL sometimes takes too long?
    In most of the cases, this is due to a server load. A large number of concurrent scan requests may affect the speed of the investigation. You can continue browsing our site or come back later and enter the same URL to check what is the status of its investigation.
  • Web Investigation System. Why investigation of URL sometimes "stuck" on the Download stage?
    After the URL is submitted, you can observe its status in the "Current status" field. When the content is being downloaded the status is changed to "Download". This stage of the process might take a while due to traffic limits or low download speed. Investigation time = download time + scan time.
  • What is an all-include.js file in the investigation report?
    HTML file may contain separated JavaScript code in several places and also it might contain "includes" from other JavaScript files. What is done in the all-include.js file is a merge of all JavaScript sections and code found in external "include" into a single file. Sometimes, the invocation of the vulnerability exploit is located in the HTML file and the body of the exploit is located in the external "include."
  • Web Investigation System. Getting 'link is not valid' in the Current Status field.
    In the majority of cases, this is due to the redundant spacing. Make sure you haven't added space before and/or after the URL string in the URL input box.
  • My website was found Clean. What does it mean?
    The free scanning web engine works totally from the outside probing and analyzing the same Web pages that your customers see. In other words, we scan a website externally only with our free web scanner and we only access to what is visible in a browser such as Internet Explorer, Firefox, Chrome, etc. If you have a hidden malware within your website system files or core files that don't render content on the browser, it will not report malicious activity.
    If you still think that your website is infected with malware or hacked, please contact us at support@quttera.com. We can scan your website internally and perform a full manual audit of your site as well as clean any infection that our free scanner didn't point out.

  • My website found Potentially Suspicious. What does it mean?
    At least one file is Potentially Suspicious, and the rest are Clean. Potentially Suspicious status assigned to pages that contain HTML/JavaScript content previously met in both malicious and clean sites. There is a high probability that this content is clean, but it still requires your attention to eliminate any doubts. Pages under this status may contain hidden iframes and some well-known encoding procedures used to decrease the size of JavaScript code.
  • My website was found Suspicious. What does it mean?
    At least one file is Suspicious, and the rest are Clean or Potentially Suspicious or both. Suspicious status assigned to files that contain HTML tags and JavaScript code previously met in malicious sites, and it is unlikely to be used for non-malicious activities. Pages under this status may contain the reference to hidden URLs, iframes referencing hidden URLs, obfuscation of JavaScript code that could be used for malicious activities.
  • My website was found Malicious. What does it mean?
    At least one file is Malicious, and the rest are Clean or Potentially Suspicious or Suspicious or files of all three types. Malicious status is assigned to files containing binary vulnerability exploits, PDF files containing malicious elements like embedded PE files, and other known and/or "zero-day" threats.
Cloud-Based Web Application Firewall
Malware Cleanup & Blacklist Removal
Website Malware Monitoring
Website DDoS Protection