Is your blog infected with mikkiload virus/malware, and you are not sure how to completely remove it from your wordpress without affecting your blog? I know it’s frustrating when something like this happens with our blog, but there is no need to panic. This kind of thing happens often, and removing mikkiload virus/malware or any other malware from a wordpress blog is easy.
Removing the mikkiload virus takes just 30 minutes of work so if your wordpress blog is also attacked with the mikkload virus then follow this guide till the end, and your blog will be virus-free until the end of this post.
Note: This guide is specifically for removing the mikkiload virus from the wordpress blog, so if your blog is affected by any other virus or malware and you are not sure how to remove it from your blog, then you can reach me out at hello@mytechtalky.com, and our team will help you with it completely.
Before getting to any steps, make sure you have access to the MySQL database of your blog along with access to your wordpress admin console.
Suggestion: If you are new to WordPress or don’t have any technical knowledge of how wordpress works, or don’t know how to operate the database of your blog, then I would suggest you hire some technical guy who can help you out with this. You can also hire us if you like 🙂
But wait, before moving any further, let’s first know what is this mikkiload virus and badly it affects your blog…
Table of Contents
What is Mikkiload Virus & How Does it Affect Your Blog?
Mikkiload is a trojan virus that affects your system and also hijacks your wordpress database and also attaches itself to various of your posts, widgets, and plugins.
This virus is commonly spread from the malicious plugin or theme which you might have downloaded from any third-party website. Other than that it also spreads from poorly coded plugins or themes.
In my work experience, whenever someone asks me to remove the mikkiload virus or any other malware from their blog, the main cause I find is either a nulled plugin or a nulled theme. Some of the time I also saw that some official plugins with no maintenance and rating on the wordpress repository caused this issue as well.
So I always recommend people to use plugins and themes either from the wordpress repository (that too has a good amount of reviews & ratings) or either from the official provider of the theme or plugin you wanted to use. Never download from any other source and never use any nulled plugin on your blog.
Steps to Remove Mikkiload Virus from WordPress!
So here we are with the step-by-step guide for removing the mikkiload virus completely from your WordPress blog. Let’s get started.
But remember to follow all the steps properly and always make a complete backup of your wordpress using the Updraft Plus or All-in-One WP Migration plugin before making any changes to it. Removing this virus is a bit tricky because we will be directly working with the database of your wordpress. So please follow carefully and have a backup first.
Remove Mikkiload Malware/Virus From the Widgets
As I mentioned earlier, this virus attached itself to the widgets, posts, plugins, and also the database of your wordpress we will check each of them for malware. It hardly takes a minute or two to check and remove it from the widgets.
First of all, go to the Widget section of your WordPress by WP Admin > Widgets and open all the widget sections one by one and check for any of the “Custom HTML” or “Text” widgets. (Mikkiload Virus attaches itself with any of the widgets which take some HTML or text to it so that it can execute its code in your website.)
Once you locate any of the “Custom HTML” or “Text” widgets open or expand it and check if it has any malicious code at the end of the content (as shown in the image below).
Usually, Mikkiload inserts its malicious content in between the <“script src=”…”></script> tags (where there will be a bunch of code in between the src tag) so that it can execute the javascript code on your blog. If you find any such code make sure to remove it completely.
Now repeat this process with all the widgets in your blog and make sure you didn’t leave any of the widgets out. Mikkiload virus infects your site by executing codes from the javascript code so make your if you are using any other widget to add javascript to your website other than “Custom HTML” or “Text” and check them for the malicious code as well.
So after removing all the malicious codes from our widgets let’s move to the posts to remove the malware.
Remove Mikkiload Virus/Malware from WordPress Posts
This is the tricky part of the article, we are going to use SQL queries to remove all the malicious codes from your post. You can also remove it from the post by checking all the posts one by one, but if you are having hundreds of posts, then it is going to take a lot of time so we are going to use SQL instead.
You can also use a plugin instead of SQL queries if you are not familiar with the SQL or if you don’t have access to MySQL but for me using a plugin sometimes doesn’t work properly so I prefer to use SQL instead. You can use any of the plugins which support regex such as “Search and Replace”. Just make the regex accordingly to the steps given below, and you are good to go.
So to remove this virus from our posts, open your control panel (In my case it’s Cpanel) and go to the “phpMyAdmin” option.
I am using VPS with cPanel as my control panel so I am writing the steps to login into it. Most of the bloggers prefer to use cPanel only but if you are not on cPanel, then you might need to follow the steps for your control panel to login into your phpMyAdmin or whatever software you are using to work with your database. If you don’t know how to access your database then I might suggest you either google it or hire some professional.
Once you are inside your phpMyAdmin, click on the database name of your wordpress and then click on wp_posts (again the prefix “wp_” may vary from user to user, just remember it has “posts” as a suffix at the end of it)
This is the table where all the data of your posts/pages and their revisions are saved.
Now click on the SQL at the top of the menu as shown in the image and type the query given below. If you are curious about what this query is doing exactly, then it’s just searching for posts or pages which are having malicious code in them, and then it will print the post names and the contents of those posts.
Query;
SELECT post_title,post_content from wp_posts WHERE post_content like '%mikkiload%'
Also if you have any other prefix other than wp_ then please change the prefix wp_ to the prefix of your wordpress prefix otherwise this query will throw an error.
Now you will see various posts on your screen. If the above query doesn’t fetch any of the posts then none of your posts will be affected, so you can move to the next step directly.
Now open the post_content of each of the posts one by one and slowly scroll to the bottom of your post and check for any malicious code just like we did in the widgets section.
You will find the <“script src=”…”></script> tag at the end of your content, just delete the script tag with everything inside it and hit enter to save it.
Do this with every of the affected post, and after completing this step, rerun the query to make sure that you didn’t miss any of the viruses.
Now the only thing left to check is the plugins and themes which are installed in our blog. So let’s move further.
Remove Mikkiload Virus/Malware from Plugins and Themes
So for this step, we need to login into the SSH of our system (If you are using a VPS/Dedicated server).
If you don’t have any access to your SSH or you are using shared hosting, then you might need to download all the files in your system & extract them in your system, and then change the command given below accordingly. If you are on Windows, then you might need to run the given command using Powershell.
After login into your, SSH go to the directory where your wordpress is installed and make a complete backup of your wordpress files and folders (i.e, all the files inside public_html including wp_content, wp_includes, and wp_admin) and store the backup safe until this process is completed.
Now run the command in your server, or else if you downloaded the files, then run this command in your system.
grep -r "mikkiload" /home/username/public_html/
Change the username and location in the given command as per your system’s username and location.
This command will recursively check all the files inside your folder named public_html for any occurrence of the Mikkiload virus and will return the filename which is affected by the Mikkiload virus.
Now simply remove the plugin or the theme whose file is affected by this malware, this plugin or theme might be the reason for this virus attack in the first place, so don’t install it again and use some other alternative of the plugin.
If you downloaded it from the official wordpress repository, then please report this instance also and avoid using the plugins or themes which have no ratings to them. Always test and check for vulnerabilities before using any such plugins on a live website.
Frequently Asked Questions
Is there any plugin that can help me to remove the Mikkiload virus easily?
Yes, there are various plugins out there that help in removing the virus/malware from wordpress automatically, such as Wordfence and Sucuri, but in the case of the mikkiload virus, they were not able to recover the website completely (I tried it using their free version of plugins) so than I have to manually do this process.
So I will suggest either you try their premium plugin or you can follow the steps given above to remove the virus completely from your wordpress blog manually.
Does Virus or Malware attacks affect my website ranking on Google?
Yes, if you’re website is infected with any kind of malware or virus for a long time, and google detects it, then surely Google will take action on your website, and your ranking will decrease. So if something like this ever happens to you, then remove all the malware from your website without wasting time.
You can also use the tool known as Google Safe Browsing Diagnostic which shows all the pages with issues on your blog. If it shows any issue on your website, you need to solve it and submit it via Google search console.
How to check a plugin or theme for malware before uploading it?
Yes, there are various websites such as VirusTotal which scan all the files of your plugin or theme and check for any virus or malware instance in them. You need to upload the plugin/theme in the zip format on your platform, and it will handle the rest.
Wrapping Up
I hope this guide helped you remove and clean your website from the Mikkiload Virus completely. I used this method to clear various of the affected sites from this virus. I know this method is a bit tricky and lengthy, but it is the only way to remove the virus completely from your blog.
If you are trying this method to remove any other kind of malware or virus, then I may not guarantee that it’s gonna help you as each of the viruses has a different type of attack pattern, and so the way of removal of each of them is a bit different from one another.
If you have any queries or if your blog is also affected by any of the virus/malware, you can simply use this contact form or email us at hello@mytechtalky.com, and we will help you.