Dag nammit! 1&1 write-enabled the site index.php file and we got hit by that ******* exploit again.
I've sorted the index.php file out now and write-protected it, so it should be OK now.
I'll find the hidden exploit file later when I get home. If you can disable Java in your browsers, it would help as this stops the iFrame.JX payload of the exploit from running.