site was infected but not now, how?

Hello,

I had a strange case recently with my WordPress site. I am hoping somebody can help me determine what happened.

I was running an older version of WordPress, maybe 2.something and it became infected with a redirection script.

I couldn’t find the file that was the culprit in ftp, and I didn’t see any suspicious content in the DB, so I turned off meta redirection in my browser and was able to access the site.

I logged into the admin and verified the user accounts were appropriate. Then i deactivated all the plugins and checked the site. It worked! I then wanted to know what the bad plugin was, so I reactivated them one by one. But I reactivated all of them and the site still worked.

I ended up updating all the plugins and WordPress to the latest version and changing my passwords but how did my site get infected? And how did I fix it? Am I missing some behavior in plugin deactivation that i didn’t know about that fixed it?

please let me know, not knowing is really bothering me…

Thank you