I have a similar problem. Not only did I find an options.php in the wp-content folder, there was one in the wp-content\themes folder too.
Both had the code mentioned above.
Did deleting the options.php file do the trick or did you have to do anything else?
Jan,
One of the links mentioned investigating suspicious plugins.
My site had a “Login-Wall-HQTSK” plugin which I do not remember installing and activating. The plugin folder had only one file -“login_wall.php”.
This link too seems to suggest there is something dodgy (although it could be about a completely different plugin) – http://wordpress.org/support/view/plugin-reviews/loginwall-for-wp-beta?filter=1
Thank you Jan for your super quick response.
Some of the things that I have already done (and which did not work) are:
I created a new database with new user-id and password. This did not work.
I am currently going through the Hardening suggestions.
Regards.
