this theme does not have a theme folder called arras-theme that u are suggesting. It has wp-fanzone. Sounds like you were infected independently of this theme.
And the infection is to a typical, well known culprit: timthumb.php. Like all of us you should never use that plugin. Every bad person looks for that php file as their attack entry. Just check your server logs -- gotta be like 100 attempts searching for that file every hour.