After cleaning up my core files from a base64 hack to recover from the white screen wp-admin page, I am now moving on to database inspection and cleanup. This is a mystery to me so far, since I did an automated original WP install in my ISP almost 3 years ago, and haven't really been tracking the database side of things.
Under the ISP's MySQL control panel I find 3 databases, 2 of which look suspicious, the third of which is referenced/linked, password included, in my wp-config.php. Question 1: is that normal?
The names of the last two databases seems a tad odd: they start with my username, followed by some gibberish, then ending in ".com" Question 2: Is that normal, or is this indicative that these are hacked versions? Question 3: Does the naming suggest the databases reside external to my ISP, making all my password changes pretty much irrelevant (i.e., known to the hacker)?
Finally, I don't see much that I can do through my ISP tools to really inspect the database and see whether it's infected. I don't even see a way to backup databases, or download them to my PC so that I can inspect and clean it offline. This link mentions that malicious code can reside in your database and re-infect your core files, but am at a loss as to how to implement its suggestions.