I already scanned with Symantec Endpoint Protection, no detections at all. I also build a simple program that scans every file for code like ‘var a=’. But no results yet..
Last week I removed the virus from the header.php and it came back today. I still don’t know how the header.php got infected. I removed the bad JavaScript line from the header and the virus is removed, for now. I am hosting the website on a XAMPP installation that’s running on a Windows 2003 Server.
I discovered this problem because a visitor of the website contacted me about the problem. Kaspersky was detecting the ‘virus’ at their computer after visiting the website.
Hi,
I experienced the same issue with my site. Which plugins do you have installed? Maybe it’s some kind of security issue on one of the installed plugins.
They only infected this file: “D:\wwwroot\<sitename>\wp-content\themes\<theme name>\header.php”
Sander
