Thanks for the suggestion, mandville. I checked the cron jobs, and they look clean.
I learned from going through my apache logs that a main vulnerability was in an old extcalendar component that had never been deleted from the site (I'm new at this job, and I inherited kind of a mess). URL injection was occurring at an astonishing rate. I deleted that component (did I mention it wasn't even in use anymore? sheesh). And the hole seems to be plugged now.
The previous web administrators didn't appear to do anything to secure their joomla installations. I had to change the php.ini settings to the recommendations in the Joomla security forum. And many of the file and folder permissions were set incorrectly. Register globals was ON when I first gained access to the backend of these sites (my first clue that we were probably compromised). So I've been cleaning up a pretty bad mess.
As for my infected files, I found redirect scripts inserted in the main index.php, pathway.php, the template index.php, and in the editor/editor.php files. The scripts were both plain php and base_64 encoded. I also found stand-alone php files with what appeared to be random 5-character string file names. I think these were the c99madShell files. I found them in the images, media, and template folders. And in the main Joomla folder. They were all base_64 encoded. (Decoder for base_64 code: http://www.3dmobility.com/decrypt2.php
Start from "eval" and include the semicolon at the end.)
Once I had the main holes plugged and the dangerous php functions switched off, I cleaned out all the malicious scripts and files. So far so good. All my sites are still using Joomla 1.0.15, and my next project will be migrating all three to 1.5. Hopefully I can hold the line until then.
The most useful tool in all this was pouring over apache logs. Look for any weird POST requests. Look for anyone trying to insert external URLs into your URLs.
Also, if malicious redirection is your problem, check every file that your main index.php includes. That's how I found the scripts in the editor.php file.
It's been a stressful first month at this new job!!!