I'd check your database for rouge entries, users.

Double-check your file permissions, and if your on a shared host, it might be a bad security setup in the host, allowing access to the files. Are these scripts served from the db or are they in the source files?

Do you have a better example of the scripts? (and the domain, if the site is in production, would be useful).

Im using an external ISP to host the site. These scripts were put into the ASP. The DB seems to be untouched...for now.

This is the exact script that was entered into the site.


Im using google analytics which contains "Document.Write". Might they be using this to enter it into the pages?

Heloo, my site is attacked by this script.

all of aspx, html, js... files have got it

I cant remove it day by day ...

pls help

See here:
Hi,

Já vi virus causando isso, como está acontecendo no provedor, trata-se de um virus nos servidores do provedor. I have seen virus causing it, as is happening in the provider, it is a virus on the servers of the provider.

O problema é que nunca admitem, se pelo menos resolverem, ótimo, do contrário o jeito é trocar de provedor. The problem is that they never admit, at least resolve, great, otherwise we'll just switch to another provider.

http://translate.google.com/translat...ial%26hs%3DQ0O
Providers try to push the blame on you (saying it is flawed for its application), but if your application is not capable of uploading files, it is virtually impossible to modify the files in your application - to change, your ISP also has a much great fault.

Also, it might be a hole in your application. Is it online now?

My site is http://www.mmmode.com.vn

I use a crack portable FTP CUTE, whether there is reason about this malware ?

MY ISP has got alot of virus, malware n etc .... they are so bad support