jk3210 - 4:36 pm on Aug 27, 2010 (gmt 0)
Five of my WP sites were hit with this just last week. (Note to self: On brand new Win7-64 machines, make sure NIS is also set to scan incoming Thunderbird emails)
I called the guys at Hostgator and they were on it in no-time flat. They cleaned all the iframes off of all 5 sites, and gave me a general description of how the virus worked. They even included a clip of my FTP logs to show me exactly when the mothership ftp'd in the infections to each site.
After HG cleaned the sites I made sure my local machine was clean then immediately changed all my passwords and every thing was back to normal again, EXCEPT Google had spidered my main site while all this was going on and marked it as "This page may be harmful to your computer" or something along those lines.
The whole episode from infection to Google removing the warning took about 26 hours.
If you want the mothership IPs, let me know and I'll sticky them to you.