I have multiple sites affected by this eval64 hack and have been tearing my hair out over the past week. I've changed all passwords etc - in despair have deleted EVERYTHING and created a new database with new details, re-installed WP and started from scratch five times. Five times of building the same site...to see it hacked 5 times. I've read the wordpress links that are posted over and over by the mods, I can't afford to pay anyone to sort it out and 'm out of ideas. Have so far identified hacked files as root/wp-config.php, root/index.php, wp-includes/functions.php, themename/functions.php, themename/header.php, themename/index.php and themename/footer.php...there are probably more. Like everyone else, I clean them up only to have them reinfect a short time afterwards, getting the error about line 191 or 192, followed by a blank page. It's very frustrating to search for help on this, only to find every thread closed with the same tired list of links, not very user friendly..if they work so well why not leave the thread open and let people share experiences? Hopefully this one will stay open for a bit until someone can really solve it. Are WP planning an update to tackle and block this horrible hack anytime soon?!