MxAngel - 4:06 am on Jul 11, 2012 (gmt 0)

Most importantly, how do I stop this dead in its tracks? Any help would be severely appreciated.

Any chance you're using Plesk? If yes you need to change ALL passwords. More info: [kb.parallels.com...]

You need to go through your logs, see which files they did modify, either htaccess, php and html files.

It looks like you're using AJAX to generate the content, look in php & js files for code surrounded by c3284d.

More info here too: [stopmalvertising.com...]