WordPress Virus

Hello Faced with a terrible problem and he can not decide. Some very good people somehow wandered into my account and infected host all sites on WordPress with the virus. I watched all of the files, checked the database, there are no traces

The virus installs a cookie and checks the IP address and if both are already familiar with it does not manifest itself in any way. When entering the site it does not open very long time (as I understand it is obvious he still retains the data somewhere in all or in $ _SESSION, but it did not check) writes its code to Hook wp-head () once and settles down to the next shift IP addresses, and delete cookies.

Checks the file for eval, base64_, file_get_contents, fsocks, curl, but found nothing suspicious. Htaccess Pereglyadel all there’s nothing in the database zannyh added to all tables field type TIMESTAMP, no changes, check all the files – the number created in the meantime as it should be. The only thing for sure – the virus sets the cookie and check ezmeneniya IP and displays your code in wp_head () (probably after all JS Perel STYLE tags).

Help defeat the plague all the ideas I have come to an end: (

Virus code in header:

[removed code]