This type of infection is quite easy to fix.
Using phpMyAdmin or any other database tool, look for this string “eval(String.fromCharCode”. If you find it, simply delete the entire block
including “40, 115, 41, 59, 10, 125));”.
If the database entry is serialised, then you should update that too. If you’re unsure how this works, then you can use Database Search and Replace Script.
eval(String.fromCharCode(118, 97, 114, 32, 100, 61, 100, 111, 99, 117, 109, 101, 110, 116, 59, 118
Malicious code will direct users to: letsmakesomechoice[.]com/come.js?dred=1123& ; domain name is currently blacklisted by McAfee, ESET and Sucuri Labs – that means some visitors will be prevented from accessing it.
Other malicious domains: