Same here. I had over a hundred .htaccess files throughout the site. The info in there referred to some malicious PHP code being inserted on all pages, parsing them as php! Looks like some iframe placements pointing to a guy in the Bahamas with the domain zlenbigret.com
Be on the look out for any files/functions with the name “minisuhosin” (IE: “function minisuhosin_show_security_patch()”)
