OK, I take that last part back - apparently the main index.php file, and only that file, was encoded to try and load an ActiveX control known as "JS_DLOADER," which (if allowed to run) would then handle the redirection to other websites, if not attempt to download stuff from them directly. That particular file was removed from circulation as soon as we could manage it, but I'm afraid it had been in place for nearly 7 hours by then.
But in a sense, the first part of that is actually good news, because it not only explains the fact that Firefox users weren't affected, but also why many (if not most) IE users weren't affected. Most IE users these days don't allow ActiveX controls to be loaded and run without at least prompting the user first, even if (or rather, particularly if) an anti-virus program isn't installed.
Nevertheless, if your security settings are, shall we say, unusually optimistic, then you might want to search your computer for a recently dated file, most likely named "JS_DLOADER.DAT" or something similar (and be careful not to delete anything important, like your JScript Runtime Environment files).
Again, most (if not all) up-to-date anti-virus programs would have caught this and prevented it, but just in case, here's a page on the "Typical Virus Removal Procedure" from the Spyware and Malware Removal blog: http://spyware-malware-removal.blogspot.co...-procedure.html
Last but not least, this sort of "mass SQL injection" exploit seems to be all the rage lately in the 1337 H@xx0R!!11 community, and has apparently been used to mess with thousands upon thousands of websites all over the world. So, it's with considerable regret that I'm forced to conclude that this was not a Wikipedia-inspired conspiracy or elaborate revenge plan. Not that I would have assumed anything like that,