I found it in the theme directory, a php file. It could be anywhere though. From what I read most of these files have ‘eval…’ in them a lot (did in the one I found), so maybe you could just download the folders with less strong permissions, do a search for that term and compare it to a clean version of WordPress to see where it’s coming from?
