All offending files have been deleted and the hacked web site has been cleaned and re set, we will monitor it closely to check there are no recurrence. I have also disabled .NET on the server as it is only used by one site and I will move them elsewhere.