The hex obfuscated script is known as such, it is also known as Riskware.Script.BetterSurf.ctbzhb or BetterSurf malcode script.
The defacement hackers used such a hex-encoded shell script, dear Pondus, and I ran it through a hex-decoder
(Sucuri's has a nice one available on their site and there are others to be found online too),
Damian
Trojan:JS/Redirector.A is detection for a specifically obfuscated Javascript URL that typically is used to redirect users to websites other than they expected. The obfuscated Javascript may appear on a malicious Web site, or may be sent via an HTML-based e-mail message, or may be included as part of an exploit. Manual removal is not recommended, use av solution. Links are activated within IFrames while viewing Web content on maliciously modified pages. Alert notifications from installed Antivirus software may be the only symptom(s).
Code is specially related to the Windows Vista platform....
D