Thank you for the help so far. I am not very experienced with this stuff (MySQL databases and coding beyond HTML/CSS, and basic Java), but if I understand what you are saying, Neal, you want me to look through the MySQL database for my WordPress install and see if there is any suspicious code there?
You seem to be suggesting that the database is in chronological order, so this code in question would be near the top?
Two other questions:
Are even the newest versions of TimThumb insecure? (If so, what would be suggested as an alternative plugin or script?)
There were two older installs of WordPress on my site that hadn't been updated in 3-4 months. Could the malware have gotten into the server from there and then propagated to the rest of the folders? I have now deleted those databases and folders and am waiting to see if the malware is coming back.
Thanks again.