Thanks Dave, that was really helpful. The file did have a nasty iframe code in it, but it was useless as the rest of the folders and files it was trying to communicate with have already been cleaned from the site a week or so ago. I have removed this also.
As a result of this incident I have tightened up security again, changed passwords etc. I am also looking to get some software that emails me automatically if any file is altered or added to the server.
It’s a constant battle, so again thank you for reporting the issue it is vital to get this type of information.