Hello,

I tried to log onto my site today and got a warning that it was infected with JS:Small-C [Trj], and it was in the favicon.ico.
I searched around this site but couldn’t find a solution. I checked the index file and didn’t see anything amiss, nor is there a favicon.ico on the server.
This is the site:
http: //earpoke.com

Any ideas?
Thanks,
-Slappy

This page seems to be
http://www.UnmaskParasites.com/security-report/?page=earpoke.com

scrool down the page to Suspicious Inline Scripts “Obfuscated script”

Hi slappy,

Yes, there is a suspicious inline script found, and that because on the website is an insecure version of software: WordPress 2.6.2 - Warning: Old version of WordPress. It may be vulnerable. Please upgrade.

This is the obfuscated script, well the beginning:

document dot write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%7... 

I changed it for obvious reasons here, you should also make the link you gave non-clickable like WxW or htxp etc.
The script takes you to hxtp://liveavantbrowser2.cn which gives a 502 a bad gateway, which is known for adding malcode to real sites to raise this warning…

polonus

Okay, thanks a lot guys.
So if I upgrade that should clear up my problem?

Hi slappy,

If you upgrade you will be protected the next time exploits are being abused to do this to your website, well you have to take of this malcode by all means, the upgrade alone won’t cure your site being infectious, take the inline obfuscated script off of your website, then upgrade your WordPress version to the latest version…

polonus

Hi Polonos,

THanks a lot for your reply. Where is this inline script hiding on my server?

edit: The code lives in the header.php
If only I could fix my real head by deleting malicious code.

-Slappy

Hi slappy,

Instructions right here, my friend, known as Tips for Cleaning & Securing Your Website, http://www.stopbadware.org/home/security (http://www.stopbadware.org/home/security).
Remove the malicious code,

polonus