Before getting too drastic and doing brain surgery, you may have a few options. I backup parts of my server either weekly or monthly (depending on usage) and ALWAYS backup before a day of hard editing.
1) download your existing install.
2) If you have backups, you can use a program like Win Merge or similar and run a compare with one of your backups.
3) In your case, look for differences in .php files.
4) If all looks well, there is no reason to go through a fresh install.
5) Monitor closely for a month. If the back door is still open, they will be back and do it again. If you plugged the hole, this will be the end of the problem.
if on a linux system you can also do a "find -R..." and GREP and look for the "location..." or include text.
I wrote a set of PHP tools that allow server side pseudo Linux like tools that include a pseudo GREP find & replace.
It includes a report only feature so you can decide if you really want to proceed with a command.
https://sourceforge.net/projects/php-toolbox/
1) download your existing install.
2) If you have backups, you can use a program like Win Merge or similar and run a compare with one of your backups.
3) In your case, look for differences in .php files.
4) If all looks well, there is no reason to go through a fresh install.
5) Monitor closely for a month. If the back door is still open, they will be back and do it again. If you plugged the hole, this will be the end of the problem.
if on a linux system you can also do a "find -R..." and GREP and look for the "location..." or include text.
I wrote a set of PHP tools that allow server side pseudo Linux like tools that include a pseudo GREP find & replace.
It includes a report only feature so you can decide if you really want to proceed with a command.
https://sourceforge.net/projects/php-toolbox/
Thanks,
jwzumwalt
(\__/)
(='.'=)
(")_(")
jwzumwalt
(\__/)
(='.'=)
(")_(")