tobiaswillmann.de

How to clean you WordPress from JS:Adware.Lnkr.A Malware / Adware

2019-12-28

JS:Adware.Lnkr.A / Adware Lnkr goal as described here is to “inject malicious javascript in the web pages browsed by the user.”

If you are a WordPress editor you will end up with sites full of Malware / Adware code.

How to clean up

Step 1: Free you machine from the Malware

e.g. by cleaning up the whole machine or try something as described here http://entfernentrojanervirus.blogspot.com/2019/12/jsadwarelnkra-streichung-effektiver-weg.html or here http://www.securitystreets.com/lnkr-adware-malicious-browser-extension-campaign/

It was my coworkers machine so please google how to clean up you machine from the Malware… this post goes more into detail about how to clean up WordPress…

Step 2: Download your WordPress database as SQL file.

First do a backup. Maybe take the site offline during the cleanup… thus the database won’t change.

Step 3: Open the sql file in editor (like Sublime Text)

Step 4: Search for Malware code and delete it

The malware code looks in my case like this:

http://”a
http://”//criticalltech.com/1f9f5ee62aefca3cb1.js”

or

<img[^>]*onlinekey[^>]*/>

check here https://regex101.com/r/GL9YzB/2

Do “find all” and delete the Malware code.

Step 6: Upload new clean SQL

I would recommend in addition to check your system again … If everything works fine your done.

© 2020 Tobias Willmann