@webtrackstudio
Doing find and replace on an SQL file is very dangerous. It doesn’t take in account serialized data, which WordPress heavily uses. More on it here.
You need to use a search/replace script or plugin that will re-serialize replaced data. Otherwise your database will be scrambled and you will lose data.
I recommend using this script:
https://interconnectit.com/products/search-and-replace-for-wordpress-databases/
—
@popeye1
Now, about cleaning stuff up. If posts are redirecting to malware site, then most likely it’s a file(s) that’s infected. Here are some steps to try to narrow down the source of infection.
Side note: If you haven’t replaced all core files yet, please do so. Delete “wp-includes” and “wp-admin” directories, and upload a fresh set. You should also delete all “wp-…php” files in the root directory, making sure wp-config.php is not deleted.
Make sure to backup your site and database before proceeding.
1. First we check your theme files. Simply install a theme from www.ads-software.com repository, any theme will do. And activate it. This will be temporary. After you activate, clear any caches you might have and check your posts. If you’re being redirected to malware site, your theme most likely is clean. Re-activate your original theme.
If the theme is the source of infection, I would recommend downloading a fresh copy of the theme, deleting infected theme files completely, and uploading a fresh copy.
2. Now check plugins. Deactivate all plugins, either inside WP admin or by renaming plugins directory to something else. Once they’re all deactivated, check posts again. If redirection is gone, then one of the plugins might be infected.
Now, begin activating plugins one by one, checking posts for redirection. Once malware redirection is back you’ll know exactly what plugin is infected. Delete the files, and re-install that plugin from www.ads-software.com repository or download it from author’s website (if it’s a premium plugin).
If it’s still doesn’t help solve the issue, try the same approach for “uploads” folder. It’s unlikely the code is there, but as last resort do check it.
If in the end it still there, come back and let me know. We’ll see what else we can do to find it and remove it.