Encountered the “Magic” problem with a client using v2.5.1 this morning. We, at least temporarily, solved the problem by reverting the wp-includes directory to a backup copy.
We did a diff on the two directory and found that the vars.php file contained the infected code.
