Fixed. The upgrade deleted the imagerotator.swf file.
I am fighting the same hack. What is happening is code is being run from your cgi-bin directory. You have to find the cgi-file and then find out which template file it is in.
For example, this is how I found mine:
find . -name \*.php -exec grep -l “cgi-bin\/wp-head” {} \;
I am still unsure how they hacked the code at this point though.
I was able to resolve this. I moved my database settings outside the web root and did an include. The problem was I had 2 lines after the ?> at the end of the file.
I’m having a similar problem. I was able to get it back up temporarily by deleting all themes and plugins. Then reloading them one by one after I went to the Presentation and Plugins directories.
The problem has reoccruued though today.
