It's proving troublesome to remove and has now infected various areas of our forum. Initially, we discovered that it was redirecting people by infecting our local jQuery - this was resolved by changing the jQuery source to Google Ajax in the ACP. We figured the problem would be solved after that, but our users continued getting redirected when they clicked links in the discussion list. That was resolved by clearing the discussion list cache. Now we're really struggling and believe the intruders are using SQL injections to add strings of text & HTML into the notices at the top of the forum. The last time I was redirected personally was when I was trying to log into the ACP.
We're looking for a solution to what now seems to be a constant infiltration of our server. Any tips?