My blog has been hacked. I received the following message from Kaspersky and it's been verified that it's not a false positive.
The requested URL could not be retrieved
While trying to retrieve the URL:
The following error was encountered:
The requested object is INFECTED with the following viruses: HEUR:Trojan.Script.Iframer
Please contact your service provider if you consider it incorrect.
They gave me a piece of the code that was tacked onto one of my files.
Here are my questions:
1. How do I find which file the code is in, if it's at all possible?
2. If not, I just downloaded 2.7. What do I have to do to insure that when I upgrade, the trojan is gone? Will upgrading alone remove it?
3. If not, I don't want to lose all my posts (over 550 so far) I realize that they're in the MySQL database, but if I do a new install, how do I designate that I want to use an existing database? I usually just let WordPress pick the database name.
I am NOT a technically proficient user. I know just enough to do an install using Fantastico and that's it.
Any help you can give me to resolve this matter will be greatly appreciated.