Hey guys I have been trying to help a friend fix her WP that was hacked. I pulled down her theme and uploads then deleted the entire site. Next I uploaded a clean install of the latest WP build 3.3.1 and began to rebuild the site.
After uploading the new build I followed the install setup and re connected the db. NExt I re-uploaded her theme and uploaded her uploads files. What I noticed that was in her theme some PHP had been injected so I deleted all of this code from the theme. But after all this I noticed that the links to her 'pages' we're still redirecting to some .ru site.
Obviously this must be a database hack but I'm not sure where to look. After googling some I noticed some people pointing me to the wp_options table but I am not seeing any problems at first glance here. Anyone have some thoughts so me? Thanks!