[TheLastSuperman]

- If you have database backups from the last seven days then you *should* be fine, if the hacker did not compromise the forum until just recently i.e. before the backup was made.
- If the hacker compromised the site via SQL Injection or similar and modified the database then you will be restoring a hacked site basically. You still need to test and confirm that by uploading the backup into a new database and then in config.php simply point it to the new database name, database username + password then BAM it connects and you can check that way.
- The only issue I see here IF the database backups were not compromised would be IF you stored attachments and such in the filesystem (meaning it saves in folders on your server not in the database despite some misc references there so it knows where to snag the attachments from etc) because if the hacker modified your attachments and you only have backups of that folder from two months ago then oye... might be missing a few attachments but usually hackers don't bother with those (still check the datestamps on the attachments for any edits to files).
- Remove vBSEO and change your site to use Mod Rewrite Friendly URL's.

So what you need to do is make a current backup of the site whether its hacked or not its a vital time in this restore process so don't be afraid to make as many backups as you need to, as you go - follow? Meaning that once you find something and remove make an immediate backup BUT continue working on the same database you're trying to fix, then if you happen to run the wrong query or make a mistake and delete something you can restore the last backup you made and resume instead of going back to square one!

References:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site