SITE HACKED: All images have link to spam

http://www.naficymedicalgroup.com

Every image has a link under it, the anchor text is “main ingredient in viagra in south korea” and it points to some .ca site that I dare not click.

I installed Wordfence and it found 2 issues:

File appears to be malicious: wp-content/themes/healthpress-theme/functions.php

Filename: wp-content/themes/healthpress-theme/functions.php
File type: Not a core, theme or plugin file.
Issue first detected: 1 day 3 hours ago.
Severity: Critical
Status Ignoring this file until it changes

This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “$wp_user_functions_init = create_function”.

AND

File appears to be malicious: wp-content/themes/smallbiz/functions.php

Filename: wp-content/themes/smallbiz/functions.php
File type: Not a core, theme or plugin file.
Issue first detected: 1 day 3 hours ago.
Severity: Critical
Status Ignoring this file until it changes

This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “$wp_user_functions_init = create_function”.

I didn’t create this website, I am managing it for my uncle (it’s his medical practice. So I didn’t install the theme(s). I’ve never seen anything like this before so I don’t know what to do, and I’m weary of deleting a functions.php file. Any insight is appreciated! Thank you!