What "theme" are you talking about lol? It should not matter of the "theme" you are using, it boils down to CHMODDING the files 644..
Even if you want to "edit" the theme files, via the blog's control panel, you should use the 666, but then when done.. go back and chmod them all 644..
Ask your host, by default.. if they can have files chmod 644..INSTEAD of 666. My host changed it all up for me, when I asked them..
I just think your host likes playing the "blame game" and likes throwing the "blame" at WordPress for their fluck ups..
You most likely should start over, basically do a "fresh" upgrade to the blog.. remove all the WP files that you'd normally remove during an upgrade. EXCEPT these three things: wp-config.php, wp-config-sample.php and the wp-content/ directory.. (Or, special plugin files..maybe even remove them too.. hard to say..)
Reupload a "Fresh" copy of WordPress.. then, scrap that "theme" that you used while it was attacked or whatever.. Reupload a "FRESH" copy of it again..chmod them files 644.. and all other normal WordPress files 644.