i have a web server set to host about 75 web sites. it runs Windows server 2003 and is fully up to date with patches etc. someone dropped code into every html file on the server that redirected to a hidden iframe that was a virus ladden site. the orignal site does appear and the end user is largely unaware other than a breif delay however the virus exploits several apps like quicktime,winzip etc.we thought we found the issue (PHP vuln.)scripted out their changes and removed PHP which was on the box but unused. the issue appeared again today about a week after the first exploit. i have found a couple somewhat similar issues on other forums without any real solutions being posed. any assist. would be appreciated.