Re: I’ve got a worm.
Wont help and might be obvious but the absolutely vital and most urgent issue to tackle when a server is compromised is that you MUST identify the means of exploit, work out just how this has happened and close that vulnerability – start trawling through your log files for starters. To be able to inject code directly to a functions.php file is more than a little worrying. If there is a exploit out there it needs to be identified and reported to the core dev team to investigate and patch.
Edit/ ok so it appears less an exploit than simply malicious code in a particular theme, for which there is little protection against really as in reality you have uploaded bad code on to your server yourself rather than the bad code needing to find a means of gaining access to the server.
You are going to have to identify what theme is the culprit which given you have so many is going to be painful but it’s likely going to be one of the last that you uploaded, also you can probably discount any themes that are well known and reputable i.e are rated and listed on WP.
P.S I would remove the patebin code fairly soon after perhaps one or two more experienced BP/WP hands have had a peep, one doesn’t want to make public malicious code?