To find out if you're infected with this particular creeper, see if you can find the following block in wp-includes/default-constants.php as outlined here:
Other symptoms of this hack are outlined here:
It's insidiuous enough that I'm convinced I'm not getting all of it. I'm getting hit with this repeatedly after changing all passwords, ripping out ssh keys, blocking FTP, etc. And of course replacing the file each time.
I think though since I reported it, they're moving the location of the hack. Fresh installs of wordpress do nothing.
Have you seen this? I don't know what else to do.