When the File Manager opened I noticed the favicon was the Chinese Flag. So my heart starts beating a little faster. It shows up in a couple of the other cPanel folders, but not all of them and not the cPanel itself. I looked through all of the index files, htaccess files, headers, footers and everything else and I couldn't find any malicious code. I did a "view source" on the File Manager page and couldn't find the favicon line.
I am going to delete the site and change the passwords but I want to try to find out how they got in and what they did first.
I have WP 3.2.1 installed on it and I just created the site about a week ago. The flag doesn't appear as the favicon on any of the WP admin pages.
Anyone seen this before?