<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Arial; font-size: 12pt; color: #000000'>I googled some of the code and found this:<br><br>http://blog.bigg.net/2009/12/gnu-gpl-trywindow-onload-functionvar-trojan-fix/<br><br><br>----- Original Message -----<br>From: steven@vermoere.net<br>To: support@drupal.org<br>Sent: Wednesday, December 30, 2009 9:58:50 AM GMT -05:00 US/Canada Eastern<br>Subject: Re: [support] Hacked or not<br><br><br>I'll check it ASAP, but I do not see anything special at this moment. I'll<br>keep you informed.<br><br>Thanks<br><br>>> I checked the other websites that I have and they all have the same<br>>> problem.<br>>><br>>> They are however all at other hosting companies. All usernames and<br>>> passwords are different and are composed of random characters (capitals,<br>>> numbers, non-capitals).<br>>> All Drupalversions are also different (1 most recent, other one 5,<br>>> another<br>>> one 6)<br>>> I find it difficult to believe that all sites are hacked at the same<br>>> time,<br>>> with all different hosters at different locations.<br>><br>> Sounds like your PC has been comprised and someone has access to all<br>> FTP accounts stored there. I would run a very thorough check on your<br>> local machines for viruses and/or other unwanted nasties.<br>><br>> F<br>> --<br>> [ Drupal support list | http://lists.drupal.org/ ]<br>><br><br><br>-- <br>[ Drupal support list | http://lists.drupal.org/ ]<br></div></body></html>