I took over a site recently which had been hacked a number of times in the past. No security plugins had ever been installed and the hack is still present, mostly within the theme files but also I think in one of the Contact form plugins.
The warning I am seeing is as follows:
This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'base64_decode(' (without quotes).
I just want to confirm before I delete anything if there is ever a legitimate reason for this code to be present in any files in a WordPress install? I'm pretty sure the files flagged are the hacked ones but never hurts to double check.