2011.php isn't a valid UBB.threads file; seems someone either exploited something on the server or uploaded the file to the server and chose that folder to store the file in as it's not generally accessed by anyone doing anything other than upgrading a site.
You should ask them to look at your server logs for any type of activity around the time that the file was created.
To change the MySQL password, you'd just simply open the /includes/config.inc.php file and change the password line, after updating the password through the MySQL settings page supplied by your host.