I have been on 2.9.1 since it was released and just today my site began redirecting. It was the same code in the same place. I had 1 unauthorized user created as Admin. AVG recognized the header.php file as JS/Downloader.Agent when I downloaded it. User is gone, script is gone, but how do we prevent this in the future?
