I needed to help a friend to clean all his files from an eval type attack so I used the code bellow to clean all his files. In $str var I put the virus code that was injected (in my case a hidden redirected code)

$str = 'eval(base64_decode("CmVycm9yX3JlcG9... your part of the infected code ....=="));';

function find_all_files($dir) 
{
    global $global_counter;    
    $result = array();
    $root = scandir($dir); 

    if(is_array($root)) {
        foreach($root as $value) { 
            if($value === '.' || $value === '..') {continue;}     

            $global_counter++;

            if(is_file("$dir/$value")) {
                if(substr($value, -3) == 'php') {
                    $result[]="$dir/$value";continue;
                }
            } 
            else {
                $file_list = find_all_files("$dir/$value");
                if(is_array($file_list)) {
                    foreach($file_list as $value) {
                        if(substr($value, -3) == 'php') {
                            $result[]=$value; 
                        }
                    } 
                }
            }        
        }
    }
    return $result; 
}

$result = find_all_files('.');

foreach($result as $filename) {
	if($filename == './cleaner.php') continue;
	$file = file_get_contents($filename);
	$file = str_replace($str, '', $file);
	file_put_contents($filename, $file);
	echo '. '; flush();
}

You can download the code here and then run it through the webserver.
cleaner.php