Well, I think I have a handle on it.
First of all, the working through the list of ten links didn’t help me much. Just too much information for me.
The first tip I’d advise anyone else facing this is, install the antivirus product, and have it scan the themes, and take whatever it tells you very seriously.
I found I had crap in my database (things like “lavitra” but spelled backwards, making them difficult to find).
Then I found the functions.php was hacked and had to remove a bunch of code at the bottom.
I’m not responsible for this side, but the WP “professional” didn’t have a clue. I’ve locked him out and tonight I’m going to ask him if he has a copy of the functions.php, and I’ll see if that one if infected, too.
Well, looks like it WAS pointing me in the right direction. I found a _metaog_x in the wp_options table and it had a bunch of drug links (all spelled backwards to make detection more difficult). I changed the option name and now the antivirus isn’t tripping on that aspect, but still doesn’t like the unserialize strrev, so I have to look into that.
