A co-worker's WP installation is flagged "Infected!"
Two dozen earlier .sql backups are similarly infected so meanwhile I found a clean 2009 backup and put that on the server.
I looked around the latest raw .sql file and found obvious rogues, then I used phpmyadmin on my desktop to delete the rogues, and re-installed the database to the server.
The database is compromised by 200 or so nonsense URLs that are easily identifiable by derivatives of author "jonn" and by IDs in the sql file, for example a small extract is shown (1) below.
In phpmyadmin, I deleted entries "askimet as submitted" and "askimet result" in the 1.5Mb .sql file - screenshot (2)
It did not resolve it and the project is still flagged "Infected!" by my Avast AV program.
Please ... will you add to my learning-curve by suggesting what I am not doing?
As an afterthought I looked at the root index.php and found this (3)
I loaded a clean index.php to the temporary installation.
** In anticipation, thank you. If I have missed a help/faq entry already on these forum pages, it is not for lack of looking pretty hard.
2) rogue 2
3) rogue 3