I replaced the readme.php with the "evil" code with a blank one and it has not been replaced by the evil doers. What other cleanup do I have to do? There is no call to readme.php in the code that I have searched or the database. Where could it be calling from? I notice that after every legitimate page is called, a readme.php is called. So its being called internally.
After cleaning up, will google naturally see that the bad code is going when it reindexes readme.php or do you have to contact them for reinclusion?
I couldn't believe it shut down the google clicks in only a day after infestation. I see no symptoms other than a lot of readme.php accesses.