If your site was attacked by the 'netsol' iframe hack, we just wrote a script that may help you. This may not be a definitive answer to the hack, as we haven't gone through the entire file and database structure to see what fully has been affected, but it is known that the "siteurl" record in wp_options table is updated with the iframe leading to the hacker's URL.
This script checks every time the site is accessed if the "siteurl" record has been changed from it's original state. If it is changed, it will re-update the record back to the original URL and load the site seamlessly.
Here is the URL for the "sitecheck.php" script, the instructions are in the file. If you need help, please let us know. Hope this helps some of you.
file can be downloaded at.....
*removed by mod*
Make sure you rename the file from "sitecheck.php1" to "sitecheck.php". This is done so the browser doesn't try to load the page.