Hi Shane,
Thanks for the response and yes I have read through everything I could find on the topic. I have narrowed my problem down to one issue. I’ve managed to remove the base64 offensive code from all the php files and upgraded to the latest WP version. On posts only, a different line of code is inserted into the footer of each post. I can’t seem to find where this code originates from. It is only on posts and not on pages. I’ve looked in all the footer.php files. It’s using eval(unescape function in a javascript that when decoded writes out to an iframe to another site that is known for viruses.
Any advise on where this offensive code may be hiding is greatly appreciated.
