This tale is somewhat less exciting than the previous episodes in this long saga, however. The problem code, which is causing the hijacks, typically appears in various HTML gadgets, and is not difficult to find. The code appears to consist of simple HTML gadgets, intentionally installed by the blog owners.
You'll probably not find this hack by editing the template HTML code - it will be an HTML gadget, located in your sidebar or maybe the blog footer / attribution section.
If you use a text only proxy, like the Rex Swain HTTP Viewer or the Web-Sniffer View HTTP, you can retrieve the blog in safety. Then, do a simple text search on "hijriah.jentayu.com". You'll find something like
</div><div class='widget HTML' id='HTML7'> <h2 class='title'>.:: Today ::.</h2> <div class='widget-content'> <script src="http://hijriah.jentayu.com/hijriah.php"> </script> </div>
See the Title of the gadget above? If you title your gadgets, it's easy enough to find.
<h2 class='title'>.:: Today ::.</h2>
Having identified the offending code, use "Page Elements" and delete the HTML gadget. And be more selective, when choosing third party code.