Never pass up an opportunity to sell more stuff -lol! I ended up running my own scans, but really - hosting support should be doing that, not their marketing agency. AND the exploit edited their htaccess. Pretty sure it was done via a plugin, but wouldn't they maybe want to make sure it wasn't a server level issue? I still have a couple of old EIG accounts, but I don't need support and I'm ready to run elsewhere at a moments notice.