We’re dealing with something similar in our office at the moment.
Reload everything from known good sources or a backup. The image uploads seem okay, but everything else (php/js/etc) is suspect. There is usually at least one .php in wp-content/uploads that is used as the initial attack (usually in wp-content/uploads/12/ ) Delete that, and delete any .htaccess files before restoring.
Do not just process the two files. Delete the .htaccess files Reset database settings in wp-config.php (delete wp-config.php, then run first part of the install, restore DB).
BTW Were you running Google Analytics plugin by any chance? Any SEO plugins? I’m suspecting that RevSlider might not have been the only plugin involved in the initial attack.
Look for any php files with eval( in them, and treat as compromised.
Feel free to reply.
