londrum, that is right, even multiple .html pages are affected. It is a script that looks like no other, and in some files the same script is present up to 4 times in the one file. Our host (oneandone) are not of much use; they have just mailed me to offer a scan of our webspace to look for malicious files and lock files with a chmod of 200.
Is this something I should ask them to do?
I have successfully restored 2 directories with websites in them by removing the code from the infected files and re-loading, then we have, through the Google Webmaster Tools, requested a review, which has been successful on the two I cleaned. Once done, we have updated any outdated versions of the CMS.
As I mention, one of the sites infected is a full HTML website with no database or CMS within it.