I am having a similar issue on 2 of my sites with the random redirects to nefarious websites. Had Bluehost run a scan on the hosting site and came up with this one infected file :
/home3/mylocal2/public_html/500.php: SL-PHP-EVAL_REQUEST-axog.UNOFFICIAL FOUND
The 500.php file showed this
<!– PHP Wrapper – 500 Server Error –>
<html><head><title>500 Server Error</title></head>
<body bgcolor=white>
<h1>500 Server Error</h1>
A misconfiguration on the server caused a hiccup.
Check the server logs, fix the problem, then try again.
<hr>
<?
echo “URL: http://$_SERVERHTTP_HOST$_SERVERREQUEST_URI<br>\n”;
$fixer = “checksuexec “.escapeshellarg($_SERVER[DOCUMENT_ROOT].$_SERVER[REQUEST_URI]);
echo `$fixer`;
?>
</body></html>
I ran the anti-malware scan plugin and it reported no problems. I am wondering if the software is looking deep enough into the directory to find the infected file?
