Links are there for a reason when I post them :) It cuts down on repeating exactly what you did.

Two of my sites got owned and both were defaced, one had a malicious javascript added to the template index. Fortunately the Joomla passwords were not the same as the server passwords.

Wiped both Joomla installs, installed 1.5.6 and patched to 1.5.7, all good so far.

Guess I should thank the invaders for merely defacing the sites, they could have been clever instead and turned the scripts to their advantages by installing some custom modules. Something like that could go unnoticed for a long time.

On a side note, I have noticed some unusual requests in Awstats 404 section relating to Joomla, and quite a few referrers coming from Google "Powered by Joomla".

People are going nuts with whatever new exploit is out. If you use Joomla you should patch yourself with the quickness.

We rolled out 3.61-2 with Joomla 1.5.7 (and the Wordpress security update) several days ago. In this case, there's need to manually patch--just stay on top of updates via the Virtualmin Package Updates module.