I have a site where hackers, every day, modify the index.php with a code snippet in HEX which does a PHP include of the contents of the "X".ico file which, again, is all php code. It appeears to be designed to attemtp to attack visitors, by my Norton doesn't do anything or seem to detect it at all. Possibly is only is able to run on certain machines but it definitly does the actions I describe.

I am a developer and am able to use various decoders but they all return binary code (not 0101 etc) but true machine binary code.

So far, I have defeated all attacks on the website except this one. I saved the file as a .txt file. Is there anyone who'd take a look at it and give me an opinon? I'll attach the .txt file if someone will try to help me.

Description: Website -> index.php -> index.php code snippet which includes "x".ico file contents which is all PHP code. (Drupal CMS runs website btw).

Thank you.... this is my first post, so if this is in the wrong place or inappropriate entirely, let me know!   All the best....