>>>>
>>>>How the malicious script got into your page?
>>>
>>>I don't know. I would not added this type of a long script if my life depended on it <g>. The hosting company support person said that either someone hacked into my account (and he suggested I change my user name and password); or one of the computers I use for connecting to the site (I use CuteFtp) could have had the virus. I only use one computer (this one) where I have Avast installed. I will do a full scan tonight to see if Avast will find something. And I am also thinking about purchasing a commercial AV software, in addition to Avast. Actually yesterday I bought SpyBoot AV/Firewall software for my daughter's computer. Today is the 2nd day and she has not caught any virus on her PC yet <g>. She actually had Avast installed on her PC but it did't prevent her from catching some Trojan (from one of the music download sites).
>>
>>If your site runs certain software such as phpBB, it may have become infected through a vulnerability. If you don't fix the vulnerability you'll just get infected again:
>>
>>http://it.slashdot.org/it/08/03/17/2358207.shtml
>>
>>There have been several cases of mass exploits lately.
>
>As far as I know my site does not run phpBB software (I don't even know what it is). My site is designed in 100% ASP.NET 2.0. But it could be that some of those who create the malicious scripts got into my site some other way. I just don't understand why "they" do it? What do they gain by it?

Usually, scripts that are dropped on to sites like yours redirect to other, malicious sites. These malicious sites may try to entice unsuspecting users to install trojans, spyware etc. or may attempt "drive-by" installation of such software by probing several known vulnerabilities in various Web browsers, that users may not have patched. In other words, just by visiting your site, your visitors' computers get turned into zombies or spambots. This will not do wonders for your reputation, so you need to address it RFN. A warning from Google like you had can easily be the kiss of death for a site - this is not an exaggeration.

It could be that your account password(s) have been compromised - if so, change them, and make them strong passwords. If you use what could be a compromised password in other places you'd better change those as well.

Also, you'll need to check all software used to build your site, from the bottom up - Windows, IIS, .Net/ASP.Net, and any 3rd-party libraries you're using (e.g. DotNetNuke). Make sure you're fully patched against security vulnerabilities with all these products.

You might want to hire someone who is an expert in locking down a public website like yours, to make sure your attack surface is minimized and that best practices are in place.