I have a clients website in Joomla! [url removed, login to view] that was recently hacked into. I removed a large number of files from the server that were added. I am still missing something as there is a script injecting an IFRAME above the DOCTYPE of the HTML page which causes the homepage to take about 2 minutes to load. I am looking for someone that can figure out where this piece of code is coming from and remove it.