Hi! I’m not too familiar with the commands you mention here, but when I try to replace the files that have the malicious base64 code I get this:

sed: can't read ./themes/landingpage/index2: No such file or directory
sed: can't read .php: No such file or directory
sed: can't read ./plugins/author-box-after-posts/author_box: No such file or directory
sed: can't read _after_posts.php: No such file or directory

And then I search again for any file containing the offending code and it’s all still there.

This is what I told it to do:

find . -name "*.php" -print | xargs sed -i '[email protected](gzinflate(base64_decode('rVj/U9s6Ev+Zm7n/wW............+Aw==')));@@g'