All subdomains at my server account is constantly php injected with the code: eval(base64_decode
[please don't post hacked code here]
I've tried to do everything without sucess to clean the infected files, search and kill the code or malware responsible for this.
This bad code redirect the facebook clicks in links of my wordpress site (www.site.sindnacoes.org.br) to the page http://rpksft.compress.to/ as you can see at: https://www.facebook.com/sindnacoes.
In all the browsers, except in CHROME.
Naturally, the chrome has the vaccine to make this attack harmless.
Somehow I think there is some procedure to prevent that links are redirected, even if some files remain to be infected with eval base64.
Anyone have any ideas?