PLEASE HELP!! WP 2.6.3 Hacked

I run several WP blogs and about a week and a half ago they got hacked. At the time they were running 2.6.2. I saw the 2.6.3 update and figured that’s what I needed. So here’s what I did:

1. Deleted all folders and files from my website
2. Restored everything (excluding the WP blogs) from a backup that pre-dated the hack
3. Re-installed the blogs using 2.6.3
4. Changed all my WP user passwords

About a week later, I’ve been hacked again.

Here’s what I’m seeing:
The following line has been added to the end of all my RSS feeds – vpn

A number of files have shown up on my web server that don’t belong there. They have names like trex_5.php 8.php 7.php etc.

Also I’m noticing some folders called dir_stats that I don’t think belong there. I’m checking with my web host on this to see if this is something they put there.

I desperately need help here. If anyone has any suggestions, please let me know.

I’ve looked in the forum and only seen one other person that looks like it might be a 2.6.3 hack (http://wordpress.org/support/topic/214908?replies=21)

Please help if you can.