Looks like this didn’t clean things out. Got another attack and blew away igncap.com. Now looks like an iframe insertion virus which gets in via a bad PHP script. Not hard to do. My site has literally everything I’ve put on the Internet in the last 15 years so lots of these bad scripts lying around. Spending hours deleting old (sniff!) MovableType, FrontPage and everything else. I have most of the content from about 2000, but most of the ancient 1994-1999 content is gone!
Site is now basically up with the iframe junk out, but I”m hoping I can find where the PHP is actually living.