I had the same issue! On one of my client's site I've found and removed the file in question. It was here:
There may be other files on the account that have been compromised so it's important to audit the entire account. Actually it would be a good idea to delete that plugin and if necessary, reinstall it from a new copy.
So basically it is due to the W3 Total Cache recent update! Secure your site whenever you can with all the plugins you can! Here is one article about it - http://tutorials7.com/how-to-protect-and-secure-your-wordpress-site.html
Here are 2 more articles on the topic:
Read this - https://premium.wpmudev.org/forums/topic/security-plugins-over-and-above-bulletproof-security it may help prevent any hacking attacks in the future....
1. Make sure your wp-config.php has 750 permission - if needed - change the permission through your FTP software or 600. Files should be set to 644 and folders - to 755 or 750
2. Use Back up WP plugin like xCloner or WPdatabase
3. Do not use "admin" as a username! This will make hacker's life muuuuch easier!
4. Use security plugin like - https://wordpress.org/extend/plugins/secure-wordpress/
5. Scan your theme files for potentially malicious or unwanted code by using this useful wordpress plugin - https://wordpress.org/extend/plugins/tac/installation/
6. Use strong password. Go to your Cpanel and... you know where to click to generate one! :-)
7. For your advanced protection, you can use:
- WP Security Scan;
- WordPress Exploit Scanner;
- WordPress File Monitor;
- Login Lockdown plugin
These plugins are great for WP protection:
Use .httaccess to protect your wpconfig.php file! You can use this code:
deny from all
It is very shocking when my WordPress site gets hacked. I had very bad experience like you but some days before my friend had the same problem and he had informed me about that it happened to his site as well. I tried a lot to fix the wordpress site but could not able to fix the website properly. After that I found a website http://totalwebsecurity.com/ (website security tool) and worked with their technicians. They had my sites completely fixed, up and running in a day successfully. I’d like to thank you the team of omkarsoft and this Website Protection tool.
here is the security tutorial about hardening your website. http://totalwebsecurity.com/security-tips.php
You can check this article - http://www.business2community.com/online-marketing/6-free-easy-wordpress-security-safeguards-dont-let-pirates-drop-anchor-lagoon-0766699
Here's one interesting article about the two-factor authentication for WordPress: http://tutorials7.com/two-factor-authentication-wordpress.html
Nowadays - you can use your smartphone to double secure your WP site! Nice!