contains content from 31.184.242.102, a site known to distribute malware. Your computer might catch a virus if you visit this site. wordpress Malware entry: MW:JS:69693 [FIXED]

Recently all our wordpress sites have being injected with js code in wp-content and wp-includes , to fix the issue you have to download all js files in these directories and search for the code in the end of the js files its a variable with hex like code

var _0x80d0=["\x64\x67\x6C\x6C\x68\x67\x75\x6B","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x6C\x6F\x63\x61\x74\x69\x6F...................


replace it and you are done , also change these old passwords just in case ;)






P.S This is temporary and doesn't clean the infection , after a while it gets infected again


working on it






P.S Update 
so far another infected file most probably to be part of the problem is wp-config edited with around 1500 empty lines with added REQUEST [3ioi23hri34ri34jrf34jibf] whatever and with 444 permissions , make sure you erase the code after wp-settings.php; that you haven't edited yourself and fix the permissions 

Also just downloaded and scaned localy one of my websites the infected js files are in these dirs.

• wp-admin/js
• plugins 
• themes
• wp-includes/js

Update

Couple of hours after fixing the wp-config file and all js files so far the websites remain clean although Google safe browsing still shows the red screen  http://sucuri.net/  check shows that finally all of our websites are clean and save.

Hopefully it will stay that way. Apparently this fix works :

first fixing wp-config -> permissions and additional code after wp-settings.

second removing the 

(variable name could  be different ) var _0x80d0=

"\x64\x67\x6C\x6C\x68\x67\x75\x6B","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x6C\x6F\x63\x61\x74\x69\x6F................... 

in my case around 200 to 300 files per website have being modified. 

!for every website the code in the js files was with different variable name.