Thanks guys – we got there in the end.
I am also having this issue and yes I have “User Wallet Credit System” by Justin Greer so it is very likely to be related. Any workarounds would be great.
This might help someone… I had the Blackhole Exploit Kit on my wordpress. A line of code was added to my main index.php and within my theme index.php.
So, I edited the index.php and removed the hackers code which was posted immediately after the <?php tag and before the rem statements. I then changed permissions to the file to 444 to stop anyone writing to it.
So far this has cleared the threat. Might not be good advice but it worked for me – so far!
