I'd also check your forum/includes directory...on 4 of the sites there has been an exploit script in there, title of 2011.php
Oh, I forgot to mention, my file was named admin_2011.php.
I was just assuming that was it simply by your description, so I moved it.
Is there an easy way to prevent .php files from being uploaded to the includes directory? I'm tempted to just run an rm *.php on that directory every minute if not.
