PHP Injection Attack - how to best clean up the mess?

Once in a while my shared hosting environment gets compromised because, well, I failed to keep the portfolio of my installed apps patched up. Last week, it was because of an old and unused installation of a PHP application called Help Center Live. The result was that every single PHP file on the server (and I have several Wordpresses, Joomlas, SilverStripe installations) had code added that pulled cloaked links from other sites and included them in my page. Other people report their sites banned from Google after this kind of attack - luckily I seem to have caught it early enough. I only noticed it when browswing to one of the sites from my phone - the page had the links included on the Mobile browser.Once in a while my shared hosting environment g