I have a site that was reported by Google to be infected with the above code. In Webmaster Tools they gave an example of at least one page where the code was found.
So it is getting injected from some unknown file, and I still can't find it. The client, of course if apopleptic and I forsee hours of digging.
I changed the FTP password and do NOT save them to the Filezilla site manager file any longer.
There is an email contact form on the site.
Any suggestions please?