Then I would have contacted my host and asked if they know about any sites on the same server being hacked. Also I would download the IS logs and inspect them for any clues. If files were uploaded due to some fault in mojoPortal you would expect to see evidence of it in the logs.
So even after restoring the mojoPortal files you would need to try to find out how those files were created or they may come back again.
Hope it helps,