
CaringLogic on "[Plugin: Wordfence Security] thickbox.js critical severity issue"


Initial Wordfence scan identified a malicious http://ftp.php file, which we deleted. It also found thickbox.js to have been severely modified compared with its native content. I am not sure if the changes were included by our past developers as part of the needed functionality or are in fact malicious and created by hackers.

Here's what's there now. What does it do? Does it appear malicious?

/*
* Thickbox 3.1 - One Box To Rule Them All.
* By Cody Lindley (http://www.codylindley.com)
* Copyright (c) 2007 cody lindley
* Licensed under the MIT License: http://www.opensource.org/licenses/mit-license.php
*/
/*
 * ThickBox 3.1 modal / lightbox as shipped inside WordPress. The
 * `thickboxL10n` strings, the `tb-close-icon` markup and the `TB_modal`
 * class are WordPress additions that are not in the upstream 2007 release,
 * so a byte comparison against Cody Lindley's original will always differ;
 * compare against the copy from a fresh WordPress download of the same
 * version instead. Below is the minified code expanded into readable form
 * with the logic left exactly as it was.
 *
 * State written without any declaration (so it lands on window):
 * TB_WIDTH, TB_HEIGHT, TB_PrevCaption/TB_PrevURL/TB_PrevHTML,
 * TB_NextCaption/TB_NextURL/TB_NextHTML, TB_imageCount, TB_FoundURL,
 * TB_TempArray, TB_Counter, imgLoader, imgPreloader, ajaxContentW,
 * ajaxContentH, urlNoQuery, arrayPageSize.
 *
 * NOTE(review): the trigger element's title, href and rel attributes and the
 * `inlineId`/`width`/`height`/`modal` query parameters parsed from its href
 * are spliced into HTML strings and jQuery selectors without escaping (see
 * tb_show). That is how the stock file behaves; whether it matters depends on
 * who is allowed to author those attributes on the page.
 */

/**
 * Delegate clicks on elements matching `selector` (inside <body>) to tb_click.
 * @param {string} selector  jQuery selector for thickbox triggers
 */
function tb_init(selector) {
  jQuery("body").on("click", selector, tb_click);
}

/**
 * Click handler for a trigger element. `this` is the element (bound by jQuery).
 * Caption comes from title, then name; URL from href, then alt; the image
 * group from rel. Cancels the default navigation.
 * @returns {boolean} always false
 */
function tb_click() {
  const caption = this.title || this.name || null;
  const url = this.href || this.alt;
  const group = this.rel || false;
  tb_show(caption, url, group);
  this.blur();
  return false;
}

/**
 * Open the box for `url`.
 *  - image URLs (.jpg/.jpeg/.png/.gif/.bmp before any "?") are preloaded,
 *    scaled to fit the viewport and shown with prev/next links built from the
 *    other `a[rel=group]` anchors on the page;
 *  - URLs containing "TB_iframe" are shown in an iframe;
 *  - URLs containing "TB_inline" show the children of `#<inlineId>`;
 *  - anything else is fetched with jQuery .load() with `&random=<ms>` appended.
 * width, height, modal and inlineId are read from the URL's query string.
 * Everything runs inside try/catch with an empty catch, so any failure
 * (including the TypeError noted near the end) is dropped silently.
 *
 * @param {string|null} caption  title/alt text; inserted into markup as-is
 * @param {string} url           link target (or alt text for <input> triggers)
 * @param {string|false} group   the trigger's rel attribute, or false
 */
function tb_show(caption, url, group) {
  // Function-scoped like the original `var`: it is only assigned on the
  // non-image path and stays undefined otherwise (see the Esc binding below).
  let params;
  try {
    const noMaxHeightSupport = typeof document.body.style.maxHeight === "undefined";
    if (noMaxHeightSupport) {
      // Browsers without style.maxHeight: fix the page size and add a hidden
      // iframe under the overlay in addition to overlay and window.
      jQuery("body", "html").css({ height: "100%", width: "100%" });
      jQuery("html").css("overflow", "hidden");
      if (document.getElementById("TB_HideSelect") === null) {
        jQuery("body").append(
          `<iframe id='TB_HideSelect'>${thickboxL10n.noiframes}</iframe><div id='TB_overlay'></div><div id='TB_window'></div>`
        );
        jQuery("#TB_overlay").click(tb_remove);
      }
    } else if (document.getElementById("TB_overlay") === null) {
      jQuery("body").append("<div id='TB_overlay'></div><div id='TB_window'></div>");
      jQuery("#TB_overlay").click(tb_remove);
    }

    jQuery("#TB_overlay").addClass(tb_detectMacXFF() ? "TB_overlayMacFFBGHack" : "TB_overlayBG");
    const title = caption === null ? "" : caption;
    jQuery("body").append(`<div id='TB_load'><img src='${imgLoader.src}' width='208' /></div>`);
    jQuery("#TB_load").show();

    // Decide image vs. everything else from the extension of the path part.
    const imageExtRe = /\.jpg$|\.jpeg$|\.png$|\.gif$|\.bmp$/;
    const pathPart = url.split("?")[0];
    const extMatch = pathPart.toLowerCase().match(imageExtRe);
    const isImage =
      extMatch !== null && [".jpg", ".jpeg", ".png", ".gif", ".bmp"].includes(extMatch[0]);

    if (isImage) {
      TB_PrevCaption = "";
      TB_PrevURL = "";
      TB_PrevHTML = "";
      TB_NextCaption = "";
      TB_NextURL = "";
      TB_NextHTML = "";
      TB_imageCount = "";
      TB_FoundURL = false;

      if (group) {
        // NOTE(review): the raw rel value is concatenated into the selector.
        TB_TempArray = jQuery(`a[rel=${group}]`).get();
        // Walk the group once: anchors before the current URL become "prev",
        // the first one after it becomes "next" (loop stops once next is set).
        for (
          TB_Counter = 0;
          TB_Counter < TB_TempArray.length && TB_NextHTML === "";
          TB_Counter++
        ) {
          const sibling = TB_TempArray[TB_Counter];
          // Result unused; kept because the original evaluates it.
          sibling.href.toLowerCase().match(imageExtRe);
          if (sibling.href !== url) {
            if (TB_FoundURL) {
              TB_NextCaption = sibling.title;
              TB_NextURL = sibling.href;
              TB_NextHTML = `<span id='TB_next'>  ${thickboxL10n.next}</span>`;
            } else {
              TB_PrevCaption = sibling.title;
              TB_PrevURL = sibling.href;
              TB_PrevHTML = `<span id='TB_prev'>  ${thickboxL10n.prev}</span>`;
            }
          } else {
            TB_FoundURL = true;
            TB_imageCount = `${thickboxL10n.image} ${TB_Counter + 1} ${thickboxL10n.of} ${TB_TempArray.length}`;
          }
        }
      }

      imgPreloader = new Image();
      imgPreloader.onload = function () {
        function showPrev() {
          // The original unbinds twice (`x && x` on a truthy jQuery object).
          jQuery(document).unbind("click", showPrev);
          jQuery(document).unbind("click", showPrev);
          jQuery("#TB_window").remove();
          jQuery("body").append("<div id='TB_window'></div>");
          tb_show(TB_PrevCaption, TB_PrevURL, group);
          return false;
        }
        function showNext() {
          jQuery("#TB_window").remove();
          jQuery("body").append("<div id='TB_window'></div>");
          tb_show(TB_NextCaption, TB_NextURL, group);
          return false;
        }

        imgPreloader.onload = null;
        const [pageW, pageH] = tb_getPageSize();
        const maxW = pageW - 150;
        const maxH = pageH - 150;
        let imgW = imgPreloader.width;
        let imgH = imgPreloader.height;
        // Shrink to fit, keeping the aspect ratio; same order of operations
        // as the original so the floating-point results match.
        if (imgW > maxW) {
          imgH *= maxW / imgW;
          imgW = maxW;
          if (imgH > maxH) {
            imgW *= maxH / imgH;
            imgH = maxH;
          }
        } else if (imgH > maxH) {
          imgW *= maxH / imgH;
          imgH = maxH;
          if (imgW > maxW) {
            imgH *= maxW / imgW;
            imgW = maxW;
          }
        }
        TB_WIDTH = imgW + 30;
        TB_HEIGHT = imgH + 60;

        // NOTE(review): url and title are inserted into the markup unescaped.
        jQuery("#TB_window").append(
          `<img id='TB_Image' src='${url}' width='${imgW}' height='${imgH}' alt='${title}'/>` +
            `<div id='TB_caption'>${title}<div id='TB_secondLine'>${TB_imageCount}${TB_PrevHTML}${TB_NextHTML}</div></div>` +
            "<div id='TB_closeWindow'><div class='tb-close-icon'></div></div>"
        );
        // No element with this id is created by this file (the markup uses
        // TB_closeWindow / tb-close-icon); presumably handled elsewhere.
        jQuery("#TB_closeWindowButton").click(tb_remove);
        if (TB_PrevHTML !== "") jQuery("#TB_prev").click(showPrev);
        if (TB_NextHTML !== "") jQuery("#TB_next").click(showNext);

        // Esc closes, "." (190) goes next, "," (188) goes previous.
        jQuery(document).bind("keydown.thickbox", function (event) {
          if (event.which === 27) {
            tb_remove();
          } else if (event.which === 190) {
            if (TB_NextHTML !== "") {
              jQuery(document).unbind("thickbox");
              showNext();
            }
          } else if (event.which === 188) {
            if (TB_PrevHTML !== "") {
              jQuery(document).unbind("thickbox");
              showPrev();
            }
          }
          return false;
        });

        tb_position();
        jQuery("#TB_load").remove();
        jQuery("#TB_ImageOff").click(tb_remove);
        jQuery("#TB_window").css({ visibility: "visible" });
      };
      imgPreloader.src = url;
    } else {
      params = tb_parseQuery(url.replace(/^[^\?]+\??/, ""));
      // `1 *` coerces the query value; a missing/invalid value gives NaN and
      // falls through to the default via ||.
      TB_WIDTH = 1 * params.width + 30 || 630;
      TB_HEIGHT = 1 * params.height + 40 || 440;
      ajaxContentW = TB_WIDTH - 30;
      ajaxContentH = TB_HEIGHT - 45;
      const isIframe = url.includes("TB_iframe");
      const isInline = url.includes("TB_inline");

      if (isIframe) {
        urlNoQuery = url.split("TB_");
        jQuery("#TB_iframeContent").remove();
        const frameName = `TB_iframeContent${Math.round(1000 * Math.random())}`;
        if (params.modal !== "true") {
          jQuery("#TB_window").append(
            `<div id='TB_title'><div id='TB_ajaxWindowTitle'>${title}</div><div id='TB_closeAjaxWindow'><div class='tb-close-icon'></div></div></div>` +
              `<iframe frameborder='0' hspace='0' src='${urlNoQuery[0]}' id='TB_iframeContent' name='${frameName}' onload='tb_showIframe()' style='width:${ajaxContentW + 29}px;height:${ajaxContentH + 17}px;' >${thickboxL10n.noiframes}</iframe>`
          );
        } else {
          jQuery("#TB_overlay").unbind();
          jQuery("#TB_window").append(
            `<iframe frameborder='0' hspace='0' src='${urlNoQuery[0]}' id='TB_iframeContent' name='${frameName}' onload='tb_showIframe()' style='width:${ajaxContentW + 29}px;height:${ajaxContentH + 17}px;'>${thickboxL10n.noiframes}</iframe>`
          );
        }
      } else if (jQuery("#TB_window").css("visibility") !== "visible") {
        if (params.modal !== "true") {
          jQuery("#TB_window").append(
            `<div id='TB_title'><div id='TB_ajaxWindowTitle'>${title}</div><div id='TB_closeAjaxWindow'><div class='tb-close-icon'></div></div></div>` +
              `<div id='TB_ajaxContent' style='width:${ajaxContentW}px;height:${ajaxContentH}px'></div>`
          );
        } else {
          jQuery("#TB_overlay").unbind();
          jQuery("#TB_window").append(
            `<div id='TB_ajaxContent' class='TB_modal' style='width:${ajaxContentW}px;height:${ajaxContentH}px;'></div>`
          );
        }
      } else {
        // Box already visible: resize it in place and replace the title.
        const content = jQuery("#TB_ajaxContent")[0];
        content.style.width = `${ajaxContentW}px`;
        content.style.height = `${ajaxContentH}px`;
        content.scrollTop = 0;
        jQuery("#TB_ajaxWindowTitle").html(title);
      }

      // See the note on this id in the image path above.
      jQuery("#TB_closeWindowButton").click(tb_remove);

      if (isInline) {
        jQuery("#TB_ajaxContent").append(jQuery(`#${params.inlineId}`).children());
        // Hand the borrowed nodes back to their source when the box unloads.
        jQuery("#TB_window").bind("tb_unload", function () {
          jQuery(`#${params.inlineId}`).append(jQuery("#TB_ajaxContent").children());
        });
        tb_position();
        jQuery("#TB_load").remove();
        jQuery("#TB_window").css({ visibility: "visible" });
      } else if (isIframe) {
        tb_position();
        jQuery("#TB_load").remove();
        jQuery("#TB_window").css({ visibility: "visible" });
      } else {
        const cacheBusted = `${url}&random=${Date.now()}`;
        jQuery("#TB_ajaxContent").load(cacheBusted, function () {
          tb_position();
          jQuery("#TB_load").remove();
          tb_init("#TB_ajaxContent a.thickbox");
          jQuery("#TB_window").css({ visibility: "visible" });
        });
      }
    }

    // On the image path `params` was never assigned, so this line throws a
    // TypeError that the empty catch swallows; the Esc-only binding is thus
    // installed for iframe/inline/ajax boxes only (the image path installs
    // its own keydown.thickbox handler in onload above).
    if (!params.modal) {
      jQuery(document).bind("keydown.thickbox", function (event) {
        if (event.which === 27) {
          tb_remove();
          return false;
        }
        return undefined;
      });
    }
  } catch (ignored) {
    // Silent by design in the original; nothing is logged.
  }
}

/** iframe onload callback: drop the loading indicator and reveal the window. */
function tb_showIframe() {
  jQuery("#TB_load").remove();
  jQuery("#TB_window").css({ visibility: "visible" });
}

/**
 * Close the box: fade the window out, then fire `tb_unload` on window,
 * overlay and hide-iframe and remove them; undo the page-size changes made
 * for browsers without style.maxHeight; drop all `.thickbox` document events.
 * Note the id here is `#TB_imageOff` while tb_show binds `#TB_ImageOff`.
 * @returns {boolean} always false
 */
function tb_remove() {
  jQuery("#TB_imageOff").unbind("click");
  jQuery("#TB_closeWindowButton").unbind("click");
  jQuery("#TB_window").fadeOut("fast", function () {
    jQuery("#TB_window,#TB_overlay,#TB_HideSelect").trigger("tb_unload").unbind().remove();
  });
  jQuery("#TB_load").remove();
  if (typeof document.body.style.maxHeight === "undefined") {
    jQuery("body", "html").css({ height: "auto", width: "auto" });
    jQuery("html").css("overflow", "");
  }
  jQuery(document).unbind(".thickbox");
  return false;
}

/**
 * Center the window using the TB_WIDTH/TB_HEIGHT globals. The vertical
 * margin is only applied when style.maxHeight is supported.
 */
function tb_position() {
  const noMaxHeightSupport = typeof document.body.style.maxHeight === "undefined";
  jQuery("#TB_window").css({
    marginLeft: `-${parseInt(TB_WIDTH / 2, 10)}px`,
    width: `${TB_WIDTH}px`,
  });
  if (!noMaxHeightSupport) {
    jQuery("#TB_window").css({ marginTop: `-${parseInt(TB_HEIGHT / 2, 10)}px` });
  }
}

/**
 * Parse a query string ("a=1&b=2" or ";"-separated) into a plain object.
 * Pairs without exactly one "=" are skipped; keys/values go through the
 * legacy unescape() and "+" becomes a space in values. Keys are taken
 * verbatim from the URL, no allow-list.
 * @param {string} query
 * @returns {Object<string,string>}
 */
function tb_parseQuery(query) {
  const result = {};
  if (!query) return result;
  for (const pair of query.split(/[;&]/)) {
    const parts = pair.split("=");
    if (parts && parts.length === 2) {
      const key = unescape(parts[0]);
      const value = unescape(parts[1]).replace(/\+/g, " ");
      result[key] = value;
    }
  }
  return result;
}

/**
 * Viewport size as [width, height], trying window, self, documentElement
 * and body in that order. Also stores it in the global `arrayPageSize`.
 * @returns {number[]}
 */
function tb_getPageSize() {
  const docEl = document.documentElement;
  const width =
    window.innerWidth || self.innerWidth || (docEl && docEl.clientWidth) || document.body.clientWidth;
  const height =
    window.innerHeight || self.innerHeight || (docEl && docEl.clientHeight) || document.body.clientHeight;
  arrayPageSize = [width, height];
  return arrayPageSize;
}

/**
 * True when the user agent mentions both "mac" and "firefox"; undefined
 * otherwise (not false). Used to pick the overlay background class.
 * @returns {true|undefined}
 */
function tb_detectMacXFF() {
  const ua = navigator.userAgent.toLowerCase();
  return ua.includes("mac") && ua.includes("firefox") ? true : undefined;
}

// `var` is deliberate: it lets a page define tb_pathToImage before this
// script runs and only falls back to the localized loader image otherwise.
if (typeof tb_pathToImage !== "string") var tb_pathToImage = thickboxL10n.loadingAnimation;

jQuery(document).ready(function () {
  tb_init("a.thickbox, area.thickbox, input.thickbox");
  imgLoader = new Image();
  imgLoader.src = tb_pathToImage;
});

https://wordpress.org/plugins/wordfence/





