TinkyWinky - 12:17 pm on Dec 28, 2012 (gmt 0)

Also - are you using OpenX or similar adserver - as they may be the issue. It was with our sites and took us a while to completely cleanse and turn off "preappend" facility - which is where the iframe code was placed by the hacker.

Good luck - it's a right pain in the ass and wastes a lot of time unfortunately!