I run an AVG virus scan every morning at 7 am. Today it notified me it found several exploits of JS/Downloader.Agent in 3 WordPress themes -- Lush, Lilac and Naruto. The exploits were in the zip files as well as in /themes.
All were in footer.php.
I was only using one theme and the others I had viewed but didn't like. They have been on my websites/computer for months and I did not update anything on my blogs dealing with themes in months.
These were encoded footer.php files.
Now, since those have been around for a while and AVG just picked it up, one could assume that it deals with the most recent AVG update and it's pulling a false positive on an exploit/virus.
Has anyone else found this JS/Downloader.Agent in their themes?