iframe injection problem?

Hi,

I’ve searched around for a resolution to my problem but the closet thread I can find is this: http://wordpress.org/support/topic/89912?replies=4

Basically about a week ago my site began experiencing problems whenever I tried to access the home page >http://www.heroes-hype.com. The screen just freezes for about 10 minutes..sometimes it also throws me out (closes the browser). In the browser footer it displays the following:

waiting for http://xx.xx.xx.xx./iframe/wp-stats.php

(the ‘x’ is an IP address which I don’t recognise)

At first I suspected that it was a problem with the wp-stats plugin which I had just installed prior to this problem surfacing. So I removed the plugin (and other plugins)..I also tried other themes and browsers, but a wee alter and the problem still remains.

So I contacted my host (as one of the threads here suggested I do) and they have reported to me the following:

“Your site was most likely injected with a 1px iframe due to a vulnerability in WordPress — which is why 2.2.3 was rushed out and pushed out to everyone. A number of sites have the same link which leads one to believe it was due to an exploit in either WordPress itself or the theme you’re using (which has also been called into question as of late).”

So now i’m wondering whether anyone can corroborate that this is the likely reason..and whether they is anything I can do to resolve the problem. I would of course like to upgrade to 2.3 asap, but I doubt this will solve the issue in itself..or will it?

Any advise would be much appreciated.

PS I am using the CSS Freak theme.