Hacked – @register_shutdown_function

I’m running the current version, 2.8.4.

I have WordPress in its own directory, not root. The root index.php of my site now has this code added before the normal code:

<?php @register_shutdown_function(“__sfd1252738106__”);function __sfd1252738106__() { global $__sdv1252738106__; if (!empty($__sdv1252738106__)) return; $__sdv1252738106__=1; echo <<<DOC__DOC
<!– [ec36ac83687772ac241157982ff295d9 –><!– 6018372521 –><noscript>

–then tons and tons and tons of junk–

</noscript><!– ec36ac83687772ac241157982ff295d9] –>

Then this at the bottom after the regular code.

<?php error_reporting(0); echo “\n”; @__sfd1252738106__(); ?>

Also, when I saved the page in HTMLkit for future reference, it had this name: hktCFD_index.php.

What should I do about this?
I’m using podPress for a podcast and this junk keeps iTunes from doing a manual podcast subscription.