I recently had to remove a StealRat infection from a computer. Unfortunately most of the available information is out of date and only helped somewhat.

Once I found the actual file that was the issue I developed a better command to detect any other infections:

findstr /sim /c:"'](NULL)" *.php