GuysNation_Rob,
A few days ago, several of my blogs were injected with the same malicious iFrame script (right down to the affiliate link of the user who is behind it). All told, I had about 8 blogs on a single shared hosting account that were affected.
My first means of resolving the issue was to restore a backup of the databases and website files, change all my passwords and DB usernames, delete all my FTP accounts and watch. Within two days, one of my blogs was redirecting again. I deleted the directory and all subdirectories for that account, then watched. So far, so good.
Despite the fact that the problem seemed to have been resolved after I took the above steps, I’m not certain that I actually isolated and removed the infected files. In fact, I suspect the server may have been infected. The fact that only one blog was re-infected may have more to do with changes they made to their server after I reported the problem than anything I did to correct it on my end. Just out of curiosity, what hosting company do you use?
