This only applies to wordpress hosted sites
After studying all the code this morning. I came up with a easy fix that will make it easy on everyone how to get rid of this malicious code.
1. download an updated version of wordpress upzip it too your desktop. (do not modify this in any way, this is your baseline original files)
2. Login to your ftp directory of the infected site.
3. make a folder on your desktop called old site, copy your old site to that directory(make sure your antivirus is up-to-date) it will pick up on the code when you download it) we will not be using these files except to grab the graphics only)
4. copy your config.php file to your desktop only.
5. take the new wordpress download and overwrite the entire directory of the infected site.
6. when this download is complete copy your wp-config.php back to its original location.
7. login to your wp-admin console, push all updates.
8. use your old site copy for graphics only!
This is a good way to re-install without losing content and not having to ditch your sql database.
Tip( once completing this process you can copy your fixed directory and zip it up somewhere so if you get hit again you can just dump the directory over it self and will only be a one step process after that.)
hope this helps some people this injection is a serious venerability for wordpress and needs to be patched by a future core update. hopefull wishing :/
anyways good luck if you have any questions feel free to email me joshcharlton228@gmail.com
localized computer info//
If you have an infected pc you might want to update your antivirus to its latest def. Norton is working well as well as avg to catch the issue.
