Yeah, it's a pain. Remember: the cache is just a symptom. The file is in there somewhere before it gets pulled into the cache. If you're on the command line on a Linux server, you can search across multiple files for a given pattern using grep, e.g.
And that can help you locate which file(s) are tainted. Very common, however, is that the index.php (in any directory, but most commonly at the root or in the manager/ dir) will be injected with a self-unzipping encrypted bit of code. That stuff is very hard to track down because you can't search for it using a pattern. A lot of malicious code is written so as not to be identifiable by pattern matching.
Make a full backup of your site and the database, go over it with a fine tooth comb. There's a linux utility that's useful for this called "maldet" (i.e. malware detection).