WTH - Help me with hacked wordpress plugins

Discussion in 'Services' started by glenv, Jan 21, 2009.

  1. #1
    Person must understand not only WordPress but also the scripts that hackers may use to hijack sites.

    I have a site that is based on WordPress. It has been working fine. This morning I had added my Google Analytics code to the footer and decided then I would update some plugins. Anytime I clicked on the settings of a plugin I had added it took me to:

    http://example.biz/

    I have disabled all plugins and added them back in one at a time, and it still does it no matter how few I have and when I change up the order I reload them.

    I had someone looking at it and he is giving up after working hard trying to figure it out. He did discover the hacker is somehow loading an iframe to facilitate promoting his URL.

    If anyone is willing to take a look I would sure appreciate it. Let me know by PM and I will send you FTP, wp-admin, etc.

    The other member has done this:

    -checked all plugins for malicious code, and deactivated them

    -checked .htaccess in root + subfolders

    -installed a fresh copy of WP 2.7.

    -checked database for noscript, display,...

    Also see image attachment below for more information he provided.

    Please reply with quote and how quick you can get on this.
     
    glenv, Jan 21, 2009
  2. vithca

    #2
    One thing to consider if you are on shared (or worse, free) hosting is that this could be done at server level. Try uploading a blank page, something.htm, and see if the iframe has been added.
     
    vithca, Jan 21, 2009
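
The blank-page check suggested in post #2, as an added example that is not part of the original thread: compare a file exactly as it was uploaded with the copy the web server returns, and list any iframe that appears only in the served copy. The function names, the sample pages and the `injected.invalid` host are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.request import urlopen

class FrameCollector(HTMLParser):
    """Record every <iframe> start tag as a (src, looks_hidden) tuple."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        # Zero or one pixel sizes and CSS hiding are typical of injected frames.
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.frames.append((a.get("src", ""), hidden))

def iframes(html):
    parser = FrameCollector()
    parser.feed(html)
    parser.close()
    return parser.frames

def injected_iframes(uploaded, served):
    """Iframes in the served copy that the uploaded file did not contain."""
    extra = Counter(iframes(served)) - Counter(iframes(uploaded))
    return sorted(extra.elements())

def check(local_path, url):
    """Compare a file on disk with what the web server returns for it."""
    with open(local_path, encoding="utf-8", errors="replace") as f:
        uploaded = f.read()
    with urlopen(url, timeout=10) as resp:
        served = resp.read().decode("utf-8", errors="replace")
    return injected_iframes(uploaded, served)

# Constructed sample data: the blank canary page and two possible responses.
UPLOADED = "<html><body></body></html>"
SERVED_CLEAN = UPLOADED
SERVED_TAMPERED = (UPLOADED +
    '<iframe src="http://injected.invalid/" width="0" height="0"></iframe>')

if __name__ == "__main__":
    print("clean:   ", injected_iframes(UPLOADED, SERVED_CLEAN))
    print("tampered:", injected_iframes(UPLOADED, SERVED_TAMPERED))
```

A clean result on a static page does not rule out injection that only touches PHP output, so the same comparison is worth repeating against a minimal `.php` file.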
  3. glenv

    #3
    It's a dedicated server.

    The iframe only hijacks admin setting URLs. The hijack does not affect what the user sees. That's why I need someone with both server and WordPress skills.

    glenv, Jan 21, 2009
  4. rliddle

    #4
    I have experienced your pain, and have thus written a program (paid - but worth it) which scans daily to see if you have been hacked so it can be fixed quickly. Not the answer you are looking for, but it is good to know. It is in my signature.

    Good luck man.
     
    rliddle, Jan 21, 2009