I'd recommend you kill php execution in that directory to make sure backdoors like that Filesman are never used again. I talk about that here: http://blog.sucuri.net/2012/08/wordpress-security-cutting-through-the-bs.html
<Files *.php>
Order Allow, Deny
Deny from all
</Files>You want to make sure you use this in uploads as well.