Strange malware div injected to browsers, what to do?


So a few days ago I started to get popups on my WordPress site, and I went through it and removed everything I could find, updated WordPress, changed all my theme files, and went through it all. Got rid of the popups, and my host scanned it and cleared it for me.

Today I noticed a div was injected after my HTML, and I thought I had missed something. Spent a few hours going through everything, when I realized this isn't on my WordPress installation. I have this div injected on any site I go to, with both Chrome and Safari, so it must be some kind of browser hijack?

This is the div injected:

<div id="dp_swf_engine" style="position: absolute; width: 1px; height: 1px;"><embed 
style="width: 1px; height: 1px;" type="application/x-shockwave-flash" 
src="http://www.ajaxcdn.org/swf.swf" width="1" height="1" id="_dp_swf_engine" 
name="_dp_swf_engine" bgcolor="#336699" quality="high" allowscriptaccess="always"></div>

I'm on an OS X system, and use Safari and Chrome. Has anyone seen this before?


Solution

  • The swf.swf that gets downloaded from that link appears to consist entirely of Google Analytics code. I say that after looking at it for 2-3 minutes with Adobe SWF Investigator. If you need a more in-depth analysis of that code you should probably hire someone to do that.

    Additionally, VirusTotal does not report any issues with that swf: https://www.virustotal.com/en/file/9250c809bc8d4ed6dd80beb10ec0dbd4281fc42c40563a68be050767e42514f7/analysis/1410348821/
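
The question turns on whether the element comes from the server or is added on the client. As an added example (not part of the original posts), this Python check flags Flash embeds that combine the traits of the injected markup; run it on the HTML the server returns and on the DOM saved from the browser, and a hit only in the latter points at the client. The names `scan` and `page_host`, the two-signal threshold and the `example.org` host are assumptions of this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

FLASH_TYPE = "application/x-shockwave-flash"

def _tiny(attrs):
    """True when width and height (attribute or inline style) are both <= 1px."""
    for name in ("width", "height"):
        raw = attrs.get(name, "")
        if not raw:  # fall back to the inline style declaration
            m = re.search(r"(?:^|;)\s*%s\s*:\s*([^;]+)" % name, attrs.get("style", ""), re.I)
            raw = m.group(1) if m else ""
        m = re.match(r"\s*(\d+)\s*(?:px)?\s*$", raw, re.I)
        if not m or int(m.group(1)) > 1:
            return False
    return True

class _Finder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings = page_host.lower(), []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag not in ("embed", "object") or a.get("type", "").lower() != FLASH_TYPE:
            return
        src = a.get("src") or a.get("data", "")
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host != self.page_host and not host.endswith("." + self.page_host):
            reasons.append("third-party host")
        if _tiny(a):
            reasons.append("invisible (<=1px)")
        if a.get("allowscriptaccess", "").lower() == "always":
            reasons.append("allowscriptaccess=always")
        if len(reasons) >= 2:  # a single signal alone is too common to report
            self.findings.append({"id": a.get("id", ""), "src": src, "host": host, "reasons": reasons})

def scan(html, page_host):
    """Return the suspicious Flash embeds found in one HTML document."""
    finder = _Finder(page_host)
    finder.feed(html)
    return finder.findings

# Constructed sample: the markup from the question inside a page served by example.org.
SAMPLE = ('<html><body><div id="dp_swf_engine" style="position: absolute; width: 1px; height: 1px;">'
          '<embed style="width: 1px; height: 1px;" type="application/x-shockwave-flash" '
          'src="http://www.ajaxcdn.org/swf.swf" width="1" height="1" id="_dp_swf_engine" '
          'allowscriptaccess="always"></div></body></html>')
```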