Ah -- I found a big block of weird code in our functions.php file. I deleted all of it, and replaced with a "clean" functions.php and the Viagra link is now gone.
Can anyone recommend a way to prevent this? How did they get into our functions.php file? Is this an issue with the host, Netfirms?
Thank you.