This happened to me too. On March 17th.
I noticed both a line that contained a load of links and a different line starting eval(base64_decode...
Note: Decoding the code leads to another base 64 decode which generates a remote procedure call to the phpAdsNew program installed on ppc100 dot info. This is obviously a malicious ad server.
Be sure to remove both lines from your files.
I'm contemplating writing a script to automatically remove the links from the infected files, but this largely depends on whether I can knock one up quicker than it would take me to manually delete the lines. I'll post the script here if I do end up writing one.
|