I googled some of the code and found this:
http://blog.bigg.net/2009/12/gnu-gpl-trywindow-onload-functionvar-trojan-fix...
----- Original Message ----- From: steven@vermoere.net To: support@drupal.org Sent: Wednesday, December 30, 2009 9:58:50 AM GMT -05:00 US/Canada Eastern Subject: Re: [support] Hacked or not
I'll check it ASAP, but I do not see anything special at this moment. I'll keep you informed.
Thanks
I checked the other websites that I have and they all have the same problem.
They are however all at other hosting companies. All usernames and passwords are different and are composed of random characters (capitals, numbers, non-capitals). All Drupalversions are also different (1 most recent, other one 5, another one 6) I find it difficult to believe that all sites are hacked at the same time, with all different hosters at different locations.
Sounds like your PC has been comprised and someone has access to all FTP accounts stored there. I would run a very thorough check on your local machines for viruses and/or other unwanted nasties.
F
[ Drupal support list | http://lists.drupal.org/ ]