deepjava

Hey,
There is no need to install wordpress.

You can actually fix this by installing Trinetra PHP antivirus.
This antivirus works on WordPress 2.9.2 version beyond.
Easy to understand reports and cleaning process. Even layman can run this.
Nothing technical to be done here. No need to go to unix console/SSH or telnet. Your site will be virus free in few minutes.

https://www.deepjava.com/Trinetra_Ninoplas_Base64_PHP_Virus_Remover.jsp

Best part of Trinetra Antivirus is that it is FREE and available with source code.

please check this code which fixes Ninoplas Base64 encoded virus.
Most of the php viruses modified initial segment of the code and added eval and base64_decode functions. Trinetra antivirus scans for such occurrence. Cleaner is provided as separate program which helps you clean all such files if found infected. Trinetra is the fastest ninoplas virus scanner and remover.

https://www.deepjava.com/Trinetra_Ninoplas_Base64_PHP_Virus_Remover.jsp

I think it is not wordpress code but some trojan on windows machine which keeps a watch on your network layer and scans all communication.

I could figure out this when i asked for ftp log from hosting service provider. My login details were available from all over the world and even while i was sleeping ??

What to do when your website is infected with such iframe malware
======================================================
1. Immediately change your ftp passwords.
2. Clean up your local machine from all the viruses, trojans, malware, rootkits etc.
3. Install good antivirus with updates and firewall with limited ports open.
4. do netstat to keep a watch on invalid trojan operation running in background.
5. Hope you have backup of your site. If yes then login to your website and delete all the content.
6. if you do not have backup download all the files from your website and scan for iframes. Remove unwanted iframes or malware tags.
7. upload the correct copy of files to the server.