This sounds like what happened to one of my clients' websites, except that it happened to an installation of MODx Evo. Not sure how helpful this will be, but here's what I did to fix it.
1. Zipped my MODx installation on my server, then downloaded it locally
2. My antivirus (!) detected a folder called "buyvalium" in one of my older directories and flagged it.
3. I removed that directory via FTP
4. Then I looked inside assets/cache and saw a bunch of fishy files - assets/cache/1.data.php, 2.data.php, 3.data.php, 4.data.php, and 5.data.php. I deleted all of these.
5. I also found a mysterious
Core Services plugin that I never installed, so I disabled and deleted that. After I deleted that, the pharma pages disappeared from my site (though they still exist to Google).
6. Also removed QuickManagerManager and ForgotManager plugins
7. Then I upgraded my MODx installation and changed my FTP and MODx passwords
Hope this helps... it's been a nightmare to clean.
Also, make sure you remember to ask Google to Re-Review your site so that it removes the pharma pages from your site index.