Based on the strange characters, it seems to be malicious scripts and not a bug. Use the plugin referred to in this thread to attempt getting rid of the malicious scripts:
Please also check over all your installed plugins and have your contractors do the same. You or a contractor most likely installed a plugin that they believed to be the original, but was actually a reupload by a malicious user.