Ok, thanks all. I'll just replace the site with a backup then...sigh, and change all passwords again.
You're welcome.
As Polonus mentions, you need to ensure you have the latest versions of any content management software (CMS), Joomla, PHP, etc. as this is usually the entry point for hackers old CMS with vulnerabilities which can be exploited.