Archive for the ‘Site News’ Category

Tired of hackers

Monday, March 5th, 2012

So it turns out a bunch of sites on Dreamhost got hacked (including mine), and people are having trouble cleaning things up. I tried to be helpful in the support forum until Dreamhost started moderating (read: indefinitely blocking) my posts. So hopefully I can be of help here instead :)

Here’s a little cleanup script I wrote – there are probably others out there, but I just threw this together and it worked great. My sites are all clean now. Don’t blame me if it breaks something for you though – making a solid backup first is YOUR responsibility!!

grep -rlIZ --include='*.php' NvZGVkX2NvbnRlbnQuZ21sXzc3NygpOyAgfSAgfSAgb2Jfc3RhcnQoJ21yb2JoJyk7ICB9ICB9 * | xargs -0 -r sed -i.base64inject.bak 's/<?php.*\?base64_decode.*\?NvZGVkX2NvbnRlbnQuZ21sXzc3NygpOyAgfSAgfSAgb2Jfc3RhcnQoJ21yb2JoJyk7ICB9ICB9"));?>//'

That’s supposed to be all on one line. Just paste it into your Bash shell and let it work. In a nutshell, it will:
1. Recursively locate all infected .php files under the current directory
2. Make backup copies (*.php becomes *.php.base64inject.bak)
3. Clean them!

Once you’re confident the cleanup was successful, you can wipe out those backup copies with this one:

find . -name '*.php.base64inject.bak' -exec rm {} \;

In the forum, Sparker pointed out that the base64 code injected into his pages was a bit different. You can try replacing that base64 blob in my script (“NvZG…ICB9”) with whatever ugliness you’ve got in your files.
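The blob swap described above, as an added example that is not the author's script: the same backup-and-strip cleanup with the marker passed as a parameter, followed by a check that no .php file still carries it. It assumes GNU grep, sed and xargs, an injected snippet of the form <?php … base64_decode("…MARKER"));?> with no "?" inside it, and a marker made only of base64 characters; clean_injection, demo and the sample marker are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's script). Assumes GNU grep/sed/xargs.
# clean_injection DIR MARKER
#   DIR    tree to scan
#   MARKER fragment of the injected base64 blob found in your own files
# Returns 0 when no .php file under DIR still contains MARKER.
clean_injection() {
  dir=$1 marker=$2
  # -F: match the marker literally; -Z/-0: survive spaces in file names;
  # -r: skip sed entirely when nothing is infected.
  # "|" is the sed delimiter because base64 may contain "/" but never "|".
  # [^?]* keeps the match inside one PHP tag, so an earlier <?php ... ?>
  # block on the same line is left alone.
  grep -rlIZF --include='*.php' -e "$marker" "$dir" |
    xargs -0 -r sed -i.base64inject.bak \
      "s|<?php[^?]*base64_decode[^?]*$marker\"));?>||"
  # Anything printed here still carries the marker and needs a manual look.
  if grep -rlIF --include='*.php' -e "$marker" "$dir"; then
    return 1
  fi
  return 0
}

# Constructed demo: one infected file (space in its name) and one clean file.
demo() {
  tmp=$(mktemp -d)
  m='Q09OU1RSVUNURUQ/bWFya2Vy+x'   # constructed marker, contains / and +
  printf '%s\n' "<?php eval(base64_decode(\"QUJD$m\"));?><?php echo 'hi'; ?>" \
    > "$tmp/my page.php"
  printf '%s\n' "<?php echo 'clean'; ?>" > "$tmp/ok.php"
  clean_injection "$tmp" "$m" && cat "$tmp/my page.php"
  rm -rf "$tmp"
}
demo
```

A non-zero return means the marker is present in a form the pattern did not match; the listed files keep their .base64inject.bak copies for comparison.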

Update: Another forum poster mentioned an alternative cleanup tool. I haven’t tried it myself, but it sounds promising, and might be easier to use than my scripts.

MichaelKerley.net Launched

Friday, January 16th, 2009

Welcome to MichaelKerley.net, the new home of Pipes, Kornhornio’s California DMV Test, and Kornhornio’s Tetris (and some other new stuff that will be coming soon)!

This new site is intended to be a bit more interactive, so I wanted to get it up and running as early as possible. I’m still in the process of moving everything over from kornhornio.net, so that page will stay around for a while.

Thanks for visiting
- Mike