STEP 4: TimThumb Notes
If you feel your site was hacked and it had to do with the TimThumb security vulnerability announced back in August 2011, you can simply update your timthumb.php file with the latest version found here. However, if your issue or theme is recent, this is most likely not the cause and you can continue forward to the next step.
It’s also worth mentioning that the TimThumb vulnerability affected inactive themes as well. Therefore, be sure to check all the themes in your wp-content/themes folder for this file and update accordingly. However, in a subsequent step, I am going to recommend deleting all themes except your active theme to eliminate the chance of any malware remaining on the site.
Please note that some themes and plugins have renamed timthumb.php to thumb.php or thumbs.php. If you see a file with one of those names in your theme(s) or plugin(s), please contact the particular theme or plugin developer to find out definitively whether they are using TimThumb or a derivative of it.
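One way to run the check described above from a shell, as an added example that is not part of the original guide: it lists every timthumb.php, thumb.php and thumbs.php under wp-content/themes and wp-content/plugins, including inactive themes. The function names, the sample tree and the content match on the word "timthumb" are assumptions made for illustration; a file reported as unconfirmed still needs the developer's answer.

```shell
#!/bin/sh
# Added example: locate TimThumb copies, including renamed ones, under wp-content.

# Print "<verdict><TAB><path>" for each candidate file below the WordPress root.
find_timthumb() {
    wp_root=${1:-.}
    for sub in themes plugins; do
        dir="$wp_root/wp-content/$sub"
        [ -d "$dir" ] || continue
        # File names taken from the article: timthumb.php, thumb.php, thumbs.php
        find "$dir" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \
            -o -iname 'thumbs.php' \) -print |
        while IFS= read -r f; do
            # Assumption: a genuine or derived copy still mentions "timthumb"
            # somewhere in its source. Absence of the word proves nothing.
            if grep -qi 'timthumb' "$f"; then
                verdict="timthumb"
            else
                verdict="unconfirmed"
            fi
            printf '%s\t%s\n' "$verdict" "$f"
        done
    done
}

# Build a constructed sample layout (not a real site) and print its root path.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/themes/active-theme" \
             "$root/wp-content/themes/old-theme/scripts" \
             "$root/wp-content/plugins/gallery"
    printf '<?php // TimThumb script\n' \
        > "$root/wp-content/themes/old-theme/scripts/timthumb.php"
    printf '<?php // TimThumb derivative\n' \
        > "$root/wp-content/themes/active-theme/thumb.php"
    printf '<?php // custom resizer\n' \
        > "$root/wp-content/plugins/gallery/thumbs.php"
    printf '%s\n' "$root"
}

# Typical use on a real install (path is a placeholder):
#   find_timthumb /path/to/wordpress
```

Every path printed with the verdict timthumb should be updated or removed; paths marked unconfirmed are the ones to raise with the theme or plugin developer.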