check out in the options table. I once had a hacked plugin that was writing executable code in the options table, and by that, it was able to reinstall itself again and again.
Well securing the page should be a matter of less than an hour. Just export those pages, make a fresh install and import the pages back in 🙂