

Problems with$_8b7b="\x63\x72\, eval(base64_ hacks and rr.nu domain redirects - rbedy
http://domesticenthusiast.blogspot.com/2012/03/dyslexic-mayans-want-to-sell-you-cialis.html

======
rbedy
I got my WP installation hacked again and thought this tutorial could come in
handy for checking and removing the malware code for some of you.

~~~
etcet
You might want to check out maldet[0], it does a good job of finding this kind
of malware. It supposedly has functionality that'll clean base64 encodes and
gzipped base64 but I haven't managed to get it to work. I've posted a comment
detailing the problem but the mod hasn't allowed it to be posted yet. Suffice
to say, don't trust the cleaning function. I'd love for someone else to test
this though.

[0] <http://www.rfxn.com/projects/linux-malware-detect/>

