It is true that my plugin currently only scans the filesystem and not the database content. My plugin specializes in removing virus like threat from PHP scripts that users cannot find or remove on their own.
Content defacement is a different animal and generally fairly easy for the user to find and correct. It is also not as common nor as dangerous. The more important question is: how did they modify the page content in your database in the first place. I understand that you are faced with fixing many pages and I think that you could accomplish this fairly quickly with an SQL statement that uses the REPLACE function to remove the malicious injection from every page at once. But you also don’t want to do a bunch of work cleaning it up only to have it get his again. You should be looking for the security hole that let that injection in too.