Thanks for your help. Indeed, the malicious code also appears on lines with existing code :-(
Yes, all infected files contain that start string, so that can be used to reliably identify the specific files. Also, the malicious code is inserted up to 20 times in some PHP files.
-i is a...
I'm a new Linux convert. I left Windows (for my business computer) because of Microsoft's forced software updates (I lost A LOT of work from their infamous restarts) and because they force cloud services and they spy on you.
I'm in the process of implementing software RAID 1 (mirroring?)...