Urgent Help! my website is infected?

Good morning, I come up here because I have a problem with the antivirus and my website, I have a month with her and I had not problems until yesterday, when I tried to enter as routinely put new content, but I encounter with surprise that I miss a warning pop up saying that my web antivirus is infected. I’ve been scanning, the google webmaster tools and found no malicious osftware, installed two plugins that I recommend my friends to scan the web and did not find anything, so obviously you must be a mistake Avast antivirus software, I help with this as it is declining visits to my site because of a remarkably alert aflsa, hope can help. regards

Translate to Spanish:

Buenos días, llego hasta aquí porque tengo un problema con el antivirus y mi página web, Tengo un mes con ella y no me había dado problemas hasta el día de ayer, cuando intenté entrar como de manera habitual a colocar nuevo contenido, pero me cuentro con la sorpresa de que me salta un pop up de aviso del antivirus diciendo que mi web esta infectada. Ya he pasado el scan de las herramientas para webmasters de google y no encontró ningún osftware malicioso, instalé dos plugins que me recomendaron mis amigos para escanear la web y tampoco encontraron nada, así que obviamente tiene que ser un error del software antivirus Avast, pido ayuda al respecto ya que está disminuyendo las visitas de mi web notablemente a causa de una aflsa alerta, espero puedan ayudarme. Saludos

Screenshot:

http://miralaonline.net/images/LF90O.png

It is infected…

http://sitecheck.sucuri.net/results/cagadosderisa.com

Attached the screenshot script on your site that is causing detection…

nothing detected] (script) cagadosderisa.com/wp-content/themes/megusta/js/jquery.supersubs.js
status: (referer=cagadosderisa.com/)saved 3298 bytes 117e94086595338ea571402803f81d232a688994
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable $.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.fn = 1;
error: line:1: …^
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
file: 117e94086595338ea571402803f81d232a688994: 3298 bytes
file: 2b63bae7e3dd9eb8137d52e74d8c1b67161562bf: 3590 bytes
file: b72412f811b80bfc0279f93b24ed773b2161ad4e: 3799 bytes
file: 6874a8e496053fcb5f65a8b06e705dcc753c8fad: 3991 bytes
file: f0fe0823d664a828489d4ee510ba5dbe4b1364cb: 3705 bytes
file: 06c79e3767d91125fa40a8645f922f1ea485074f: 3829 bytes

The malware is WP related - general write-up on WP hacks: http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/ link article on Holy Shmoly from Donncha O Caoimh malware from htxp://cagadosderisa.com/wp-content/themes/megusta/lib/php/assets/audio-player.js?ver=2.0.4.1

polonus

Hi Peter94,

The official jQuery sites are jQuery.[com/org], as opposed to jQuerys.org.

To remove these scripts, follow the locations provided in the Sucuri link and remove appropriate scripts.

1/41…
https://www.virustotal.com/file/028544e8f041cd03c68d4e49d29d9c1d49129eb9f5515e6cdd05ab04f24615ed/analysis/1344004119/