My site has been hacked and yesterday was being redirected elsewhere (looks like through the Timthumb vulnerability). We've solved the redirects but looks like the damage is far greater than we thought. There are still loads of malicious scripts in various files. We put up a backup version of the site from weeks ago but the theme and CSS are broken.
Looks like the best option is to do a fresh reinstall of WordPress.
My questions are:
1 - How do I backup only the files? I don't want to backup the database as it looks like there are loads of malicious scripts still there
2 - When I do a fresh install of WordPress, how do I upload my files back up. I will be doing a new theme design for the site