I was goggling the last time and found some links to a "96.php" file on my website. I opened that file (which is in the root folder) and it contains three instances of the function :
<? eval(gzuncompress(base64_decode('eNqdWNt....'))); ?>
I don't know what is the idea behind it but I found links to this file in my website referenced by google, when you click on it it redirects to another malaware java app website!
I searched the plugins I have installed in my website but couldn't find any fugitive :(
I have this plugins:
here's the query to reproduce this bug:
my website is villagedurable dot org