Guys, there is / are standard procedures to clean a hacked site, including dropping everything from the live server, uploading a 100% clean installation and ensuring the DB is cleaned of any corrupt snippets, plugins etc.
Ensure that the system has no users that aren't showing in the manager, no re-named snippets or snippets that have a very similar name or misspelt name.
Then re-install, once the new install is finished delete all snippets, plugins and modules that are not installed or that are not going to be used.
You can
contact the DEV team directly, but you must supply all infos that relate to attack dates, system errors, Evo Logs etc.
And last but not least - report this kind of issue on
GitHub, not here