Website hacked, how to remove malicious code with SED / GREP

Question

a website of mine is hacked. In every php file a line of code is added. I wont post the complete code here, but it starts with:

Answer 1

This should work.

find . -name "*.php" -print0 | xargs -0 sed -ri '1s/^<\?php if\(!isset\(\$GLOBALS\[.*-1; \?>//' *.php