I see an issue in the code here: suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
-www.banknieruchomosci.suwalki.pl/js/mootools.js suspicious
[suspicious:2] (ipaddr:46.4.118.84) (script) -www.banknieruchomosci.suwalki.pl/js/mootools.js
status: (referer=www.banknieruchomosci.suwalki.pl/)saved 70248 bytes 2bc531db9e66f06b8ed8c191594d7dccbb1e151c
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:
Also check the code following ddfs_data . It is given as suspicious here: http://www.unmaskparasites.com/security-report/?page=www.banknieruchomosci.suwalki.pl - but I cannot see any badware redirect or RFI, but check it anyway!
There is nothing malcious there per se, just might be unpatched code and/or vulnerabilities.
So it should be reported tp avast and the site can be de-blocked with a coming update…
Well it is jsunpack that flags that bit of code following a hick-up, so there must be some issue. Plug-in code should be checked regularly for RIF.
See: http://www.whitefirdesign.com/resources/check-if-a-web-page-is-redirecting-when-accessed-from-google.html
But as you mentioned this kind of malware is a fast moving circus, so they might already have broken up their tents and keeping show in another place,
e.g. have migrated their malicious activities elsewhere…
I’ve found solution for my trojan issues. After I managed to remove js:Redirector-NT [Trj] in few hours avast said that I have js:Redirector-VR [Trj] or js:Redirector-MR [Trj] trojan on my website So only solution was to upload once again all wordpress files. For 24h I have no trojan alerts!