Hack recovery and Weaver theme

My site at https://bridgewaterva.com was hacked via the timthumb.php exploit. I cleaned it up, changed passwords, reinstalled, changed passwords again, etc. My fresh new installation is running under the Weaver theme.

Here’s my worry: With this fresh new site, the Antivirus for WordPress plugin’s scan shows multiple vulnerabilities of this sort:

(Big red border, followed by this text:)

There is no virus View line 1061 require_once('wvr-includes/wvr-wphead.php');

and the emailed results of regular virus scans say the site is vulnerable. Is vulnerability inherent to the Weaver theme, or is it just a false alarm, or what? (Is there anything about Weaver that makes it especially “hackable”? Can infections be spread through its .wvr settings file — unlikely as that seems, since it’s just a bunch of text settings?)