Google Product Forums

Re: All pages on my website keep being replaced by Google's homepage. Eg: http://84f6a4eef61784b33e4acbd32c8fdd72.com/go.php?

wadjei Dec 13, 2010 2:34 AM
Posted in group: Webmaster Central

Categories: Malware & hacked sites

Your website has likely been compromised. Some pages may have had JavaScript inserted at the top of the page that redirects to a random page on http://84f6a4eef61784b33e4acbd32c8fdd72.com and/or you may have had .htaccess files inserted into every directory on your site with a RewriteRule that achieves the same effect, but not requiring the client to have JavaScript enabled. One of the sites on our server had an insecure installation of phpMyAdmin which seems to have been the way in for the worm, but I am still looking for more info.

Check your files, check security of any tools that you have on your site and do some cleaning up.

Other interesting points - that domain name is the MD5 hash of the word 'antivirus'. The hack on our server appends the IP address of the site's visitor to another random hash, which redirects to go.php. go.php probably does something like log the visitor's IP address - it doesn't appear to do anything else to the visitor apart from generating another redirect to 178.162.150.21 with some obfuscated parameters. This script must do something with those parameters (it's not clear what though) before issuing a redirect to google.com, which is what you see as the end result.

The affected site was compromised at 03:05 GMT on Sunday 12th December. Does this tie in with what happened to you?

It's possible that this was a buggy test run (I have no idea why logging the IP address of a visitor would be useful for an attacker, for example - I'd have thought logging the IP address of the compromised server would be more useful). I've been able to find no real mention of this apart from these posts and rainbow tables linking the hash to the word "antivirus".

The domain 84f6a4eef61784b33e4acbd32c8fdd72.com was first created on December 9th 2010 with a Hawaiian technical contact.
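
A cleanup check for the two artifacts described in the post above, as an added example that is not part of the original post: it walks a web root and flags `.htaccess` files carrying a rewrite or redirect to an absolute external URL, plus any page whose first bytes reference a hostname shaped like an MD5 digest. The function names, the extension list and the 4096-byte head limit are assumptions made for this illustration.

```python
import os
import re

# Hostname whose first label is exactly 32 hex characters (MD5-shaped),
# like the redirect domain named in the post.
MD5_HOST = re.compile(r"https?://([0-9a-f]{32}\.[a-z0-9.-]+)", re.I)
# mod_rewrite / mod_alias directives that send visitors to an absolute URL.
REDIRECT = re.compile(r"^\s*(?:RewriteRule|Redirect(?:Match)?)\b.*https?://\S+", re.I | re.M)
PAGE_EXT = (".php", ".html", ".htm", ".js")  # assumed set of page types to inspect
HEAD_BYTES = 4096  # assumed limit; the post says the script sits at the top of the page


def scan_file(path):
    """Return (reason, detail) findings for one file; empty list if clean or skipped."""
    name = os.path.basename(path)
    is_htaccess = name == ".htaccess"
    if not is_htaccess and not name.lower().endswith(PAGE_EXT):
        return []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        text = fh.read() if is_htaccess else fh.read(HEAD_BYTES)
    findings = [("md5-shaped-host", m.group(1).lower()) for m in MD5_HOST.finditer(text)]
    if is_htaccess:
        findings += [("external-rewrite", m.group(0).strip()) for m in REDIRECT.finditer(text)]
    return findings


def scan_tree(root):
    """Walk root and map relative path -> findings for every flagged file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


if __name__ == "__main__":
    import sys
    for rel, hits in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        for reason, detail in hits:
            print(f"{rel}: {reason}: {detail}")
```

A site's own intentional external redirects are flagged too, so each `external-rewrite` hit needs a manual look before the file is deleted or restored from a known-good copy.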