I just encountered something quite similar to this. (It's actually a little different than what's linked above.)
After a bit of tracking, I discovered a few hidden files (i.e. files preceded by the period like .README.back.php) in my plugins folder--Akismet, StatPress, and WP-Amazon to name just a few--and these files used varying names.
Once I opened up the files (after downloading them and deleting them immediately from the server), I discovered that it was executable PHP code obfuscated by a ton of PHP comments. When the comments were stripped out, it revealed it was looking for something in the DB--the wp_options table to be specific.
Tracking down the options table code ('rss_f541b...') showed that there was encrypted (and reversed) PHP code hiding in the middle of the plugins data. There was a preg_match which told me where to look and after decrypting the data, it's one nasty little chunk of script.
I saved a copy before deleting it from my DB and changing my DB info.
So, if someone is having a similar problem, I'd recommend deleting the plugin files you come across which are hidden and you *know* are not part of the original plugin package, then deleting the code from the encrypted code from the options table--it shouldn't be difficult to miss because it looks like a chunk of gibberish that starts with something like ';))"==QfK0wOpc...' and ends with something like '...JXZ"(edoced_46esab(lave'.