Possible Duplicate:
My server's been hacked EMERGENCY
I've got a new client whose site looks like it has been hacked. It's running Drupal and I have run Hacked on it to verify that the file structure hasn't changed. I can add the Paranoia module, but it's a bit late.
Unfortunately, the site was developed with a lot of PHP code inserted directly into nodes, so a lot of custom code is sitting in the database. It's all run through eval().
What I'd like to know is how to quickly search through the database to determine if there is malicious PHP or Javascript that I need to clean up before migrating the site over to a more secure environment.
I can search for '' so could search for that.
Any thoughts or best practices would be appreciated.