Here are some common pattterns to look for when scanning web pages for compromised files.  All except the last one create a file where the line is executed called maybeinfected.  You can go through each file and find and remove injected code.  It is typically packed garbled text that hides the code because it is usually obfussicated or encoded to avoid detection.

find . -name '*.php' | while read FILE; do if grep '$GLOBALS' "$FILE"; then echo "$FILE" >> maybeinfected; fi ; done

find . -name '*.php' | while read FILE; do if grep 'eval(base64_decode' "$FILE"; then echo "$FILE" >> maybeinfected; fi ; done

find . -name '*.php' | while read FILE; do if grep '''PCT4BA6ODSE_"$FILE"; then echo "$FILE" >> maybeinfected; fi ; done

Automatically delete any that match a pattern:

find . -name '*.php' | while read FILE; do if grep 'PCT4BA6ODSE_' "$FILE"; then rm  "$FILE" -rf; fi ; done