Hey, I have a website I use for my Youtube channel, and I have had viewers who use Avast tell me that it is infected with JS:HideMe-J [Trj]. I get decent traffic on my site and no other Anti-virus programs are showing this problem so I assumed it was a false positive and sent that in to Avast. Since that was weeks ago and I never heard back, it must actually have some type of virus. How can I fix this? My site is xww.popularmmos.com
Thanks
→ http://sitecheck.sucuri.net/results/www.popularmmos.com/
→ http://sucuri.net/malware/entry/MW:SPAM:SEO
your site is infected with HideMe spam. http://sitecheck.sucuri.net/results/www.popularmmos.com/
in your case it seems to be v i a g r a spam. 
HideMe spam info. http://blog.sucuri.net/?s=hideme+spam
and your wordpress is outdated. http://blog.sucuri.net/?s=wordpress
How can I fix this?Sucuri may help you.... but it is not free. http://sucuri.net/signup
Pondus is right in his reply, but I get a JS:HideLink-A[Trj] here on your site /|{gzip}
Site is flagged by Bitdefender’s TrafficLight
These are that flag the site: https://www.virustotal.com/nl/file/bb26250f9e4b16afb3bb5bf1c753ead3a9d37a0b828cfc34da8fa2ab30471ad1/analysis/
This scan misses the malware: http://zulu.zscaler.com/submission/show/2239eb3fc3e0c17e9cad8369fb53589b-1383755364
As Pondus says WP outdated: Wordpress internal path: /home/content/49/9225849/html/wp-content/themes/desire-child/index.php
Fatal error: Call to undefined function header() in /home/content/49/9225849/html/wp-content/themes/desire-child/index.php<
Update WP and override location settings or missing a semi-colon:
define(‘WP_SITEURL’, ‘http://example.com/wordpress’);(credits to WordPress support Steve the Magnificent)
define(‘WP_HOME’, ‘http://example.com/wordpress’);
polonus
So guys I wanted to say thanks for all the replies. I updated my WordPress, but to be honest I am not sure exactly what to do here. Would the easiest solution be to pay the 90 dollars a year for Sucuri (I don’t mind doing this)? Would that alleviate all my issues and then keep my sire protected from now on? Let me know if that would be the suggested solution or if there is something else I can use.
Thanks
Would the easiest solution be to pay the 90 dollars a year for Sucuri (I don't mind doing this)? Would that alleviate all my issues and then keep my sire protected from now on? Let me know if that would be the suggested solution or if there is something else I can use.recomended....that is what you get if you pay sucuri....website protection
There are more options, sucuri service or this http://www.websicherheit.at/en/website-security-check/
Our scanning here was just for the good of our souls,
polonus
Before I buy anything I just want to be assured it will completely solve the issue and if anyone tries to infect my site again it will be solved by the protection. When I get a reply I will be sure to get the protection, as more people are using my site each day.
Thanks for all the help!
Scanning the website and given it a clean bill of health is one issue and Sucuri’s can guarantee that.
The security of the hosting server on which your website resides is another kettle of fish,
there they should adjust the server configuration to such an extent it can not be easily abused by attackers/malcreants,
That means no excessive header info, no clickjacking vulnerability, all security updates etc, installed.
For a lot of hosting parties alas money come first and server security (threat and log management) isn’t their first and foremost concern.
Whenever the hosting party has sloppy security practices your site can get infested/injected “faster as you can say Jack Robinson”.
That is the situation you have to evaluate for yourself and your site’s security status.
For loads of users website security is still largely “Terra Incognita” so they end in the dolldrums.
Good you are an exception to this rule.
polonus