For the first time i've encountered the problem of an iframe-virus myself, I searched and searched for a solution, also made a script to remove the iframe injections automatically but that's just a little bandage on an open wound...it does the job of removing the entries but it doesn't protect against such an attack. I actually had to force the admins of my site to cleanup their pc's before I granted them acces to the ftp-account again. As mentioned in this thread there's only the solution of reformatting the pc/mac (ow yeah it does embed itself into macos to :s) ...changing passwords of all ftp accounts on the server and panels (d.a. , cpanel)... Till now i haven't found another solution :s
Good work. Many people have complained that it's not them and only the host. I've recently found the same issue in insecure directories which a file is uploaded and then once accessed it deploys the code to all of your .php files. This particular version affected only php files, not text nor html nor java, etc... just php. I've also found that if the root file is not removed, the code will continue to replicate like cancer in your site. Another version I've caught which is much more obvious to webwasters is one that will cut all of the affected files in have rather than injecting them in a unseen/unheard manner. Odds are you'll be missing half of a site or you'll see parse errors. I must stress, always make backups. Once the site is clean, and you know for sure it's clean, not just google saying it's clean, create a full backup and set it aside, maybe on a cd/dvd/thumbdrive, not your hdd, just in case.
More signs, your server may be making tons of connections to 88.151.113.6 or other IPs you don't recognize. You really have to look for these. This one I just mentioned isn't an iframe, but a base64. If anyone needs help, holler.
Note: 90% of these hacks are made due to iStealers and other passwordstealers the so called "hacker" put on warez sites and torrentsites. Easy fix Stop downloading "FreeWare" from untrusted sources.
You missed one important thing - Don't save password in FTP softwares. Read more at How To Completely Remove All Malicious Iframes on Your Website
All my files are infected with iframe.. Its very difficult to remove each and every files in my linux server. Is there any simple command to search and remove iframe injection code in every files?