ok - so i'm having particular fun trying to stop a bunch of websites that got hacked on cpanel level, cleaned. so wpmudev defender thinks they're pure and stoic, but they still generate an error_log file at random places, and i ftp'd up the wp-admin and wp-includes folders from a fresh de-zipped folder on my machine, only to find that some of the files had "recreated" themselves even though the folders themselves were deleted.
so i kinda suspect that there really is SOMETHING there...
i found gotmls.net, which claims to clean from public_html level, and it identified a bunch of .js scripts that are "potentially" harmful. now - considering that i think there's SOMETHING there... i need to find a place to start... naturally, they all live in the wp-content folder.
so - short of restoring from backup, how do i figure out if those are clean or dubious?
i'm now running the final cleanup with every single tool i could find, and then i'm going to bring the backups down to run on WAMP, overwrite everything i possibly can and scan again, and then take the brave plunge of publishing up to my new server... as we say in Afrikaans - hang on to my drink for me, and watch THIS move....