I tried admin tools (akeeba)but just got 500 errors when I tried to run the file checker.
I installed this component, ran it and found the infected file in seconds. It was actually in a very obvious place but 1 line at the top where I didn't notice it.
Thankyou, this is a life saver!
After running it through xenu I found the module was producing thousands of useless urls (the server slowed to a snails pace whilst xenu ran the link request) nearly 3000!
I'm not sure if it was a problem mixing with superblogger as the result was the same with superblogger turned off, but there's something on my site it disagrees with.