WeWatch - 10:27 pm on Jul 5, 2012 (gmt 0)
Website malware is very different from malware on a PC or Mac. We find that most anti-virus programs can only detect about 40% of malicious files on a website.
If you have a good backup, you could just rename your main folder, i.e., /public_html or /httpdocs or whatever you have and just put a _temp at the end.
Then restore your known uninfected files to the original folder name.
This will just be a temporary band-aid. You still have to find out how it was hacked.
If it's WordPress, it could be:
1. Outdated WordPress
2. Outdated plugin
3. Vulnerable plugin
4. Password was stolen (either WP, FTP or hosting account)
If it's some other CMS then the list above is basically the same.
Do you have your log files?
If so, do a search through the log file with an editor and look for any of the names of the infected files. See where the IP address resolves to with www.#*$!. If it's not one you recognize, then that could be the culprit.
If you find it was through FTP then someone with FTP access has a virus/trojan on their computer and it's stealing passwords.
If you don't have a good backup then you'll have to have someone else scan and clean the files for you.
But you have to still find out how it happened so you know how to prevent it. Otherwise, they'll be back...
Can you post more information about your site?
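The log search described in the post above, as an added example that is not part of the original post. It assumes an Apache/nginx "combined" access log; the file name, IP addresses and log lines are constructed samples, and `known_ips` is a hypothetical parameter for addresses you already recognize as your own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation-range IPs, made-up file name).
SAMPLE_LOG = '''\
203.0.113.7 - - [04/Jul/2012:03:12:55 +0000] "POST /wp-content/uploads/infected-example.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
192.0.2.10 - - [04/Jul/2012:09:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [05/Jul/2012:11:40:09 +0000] "GET /wp-content/uploads/infected-example.php?x=1 HTTP/1.1" 200 88 "-" "curl/7.21"
192.0.2.10 - - [05/Jul/2012:12:00:00 +0000] "GET /wp-content/uploads/infected-example.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
garbage line that does not parse
'''.splitlines()

def requests_for_files(log_lines, infected_names, known_ips=()):
    """Return [(ip, [(time, method, path, status), ...])] for requests that
    touch any infected file name, skipping IPs you recognize.
    Sorted so the IP that touched the files first comes first."""
    wanted = {n.lower() for n in infected_names}
    by_ip = defaultdict(list)
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] in known_ips:
            continue  # malformed line, or an address you already know
        # Compare on the file name only: drop the query string and directories.
        basename = m["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if basename in wanted:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            by_ip[m["ip"]].append((ts, m["method"], m["path"], int(m["status"])))
    return sorted(((ip, sorted(hits)) for ip, hits in by_ip.items()),
                  key=lambda item: item[1][0][0])

if __name__ == "__main__":
    # 192.0.2.10 stands in for the site owner's own address.
    report = requests_for_files(SAMPLE_LOG, ["infected-example.php"],
                                known_ips={"192.0.2.10"})
    for ip, hits in report:
        print(ip)
        for ts, method, path, status in hits:
            print(f"  {ts.isoformat()} {method} {path} -> {status}")
```

The IPs it lists are the ones to look up; if none appear in the web log around the time the files changed, check the FTP log the same way.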