30
This attack is nothing to do xoops.
I had it on 30 sites which i had.
This is how it was done.
I down loaded a nulled programme to have a look at and unknowingly injected my ftp connection with a virus which did the following.
1) Once i loaded up the ftp programme either using a software or through windows the virus became active.
2) The virus then had access to each and every site that had a user name and password stored in the memory of my local machine.
3) It then proceeded to attatch a <script> to each and every file on the servers no matter even if they were on different servers.
4) It affected all index.html, login.php, admin.php files.
Easiest solution is scan your computer because it was you that actually infected all your sites by using this so called free software.
A very timeous lesson learned by me.
Even when I checked each file and deleted the problem piece of script. When I uploaded a clean file the virus simply attached its self to the clean up load.