Verifying uploads and shared areas
The
uploads folder, created in the site root's wp-content directory when first you added media via the Dashboard, is a common hangout for hell-bent files (that's anything from zips to pics). After an attack you can't quite trust anything here. The easiest thing is to revert the folder content to a known safe state but, for some, this is a last resort tactic.
Use the previous tips to check for changes, scan the lot with antivirus tools, and ditto these procedures for any other shared areas, commonly for FTP.
