Shared server hacked, need to find all php files in any directory named "img"

[macwise]

Hey, friends.  I have some trouble on the server front.  My sites have been hacked, and I need to make sure I've eradicated every trace of this exploit.  I'm looking for a way to search for any and all php files contained in multiple directories with specific names.  For instance, I have found a commonality in relation to where these malicious files are placed, such as:

/some/dir/img/somename.php

or:

/some/dir/js/somename.php

 

Is there a way I can easily (e.g. using ssh and the "find" command) locate all files ending in php but only found in directories named "img"?  I can't seem to find anything that would allow me to do this with find, or with a combination of find and grep.  I can't go directory by directory, as some of these img directories are created many levels deep, some even in .svn directories. 

 

Any and all help is appreciated.  Hackers suck.

[mikosiko]

try this

 

find . -name *.php -print | grep /img

[litebearer]

BTW change all your usernames and passwords that can access your system. AND do NOT save password in your FTP program - similar 'hack' recently appears to be related to FTP password saving. The 'hack' infected all files many levels deep if they file name began with index, main etc