Thanks for the responses songdigtech and hedronist.
Firstly, I had assumed that the core files are good because the hack is restricted to one site while the wordpress install is running 4 others. I really do not want to go through the entire process of creating a new wordpress install and setting up all the sites.
Secondly, there are a few posts I read online where wp-multisite experts claim that the core files are the least likely targets of a wordpress hacker, and that re-installing wordpress is often not necessary.
In any case, I think I have to get professional help on this one. I am way in over my head here. I wish there was some way I could do some damage to the hacker. I used firebug to identify the source of the image: http://www.al-ebda3.com/xxx/1111111111111111111111111.png
Thanks a lot for the advice.