Does anybody have experience with the bs.serving-tracking.com javascript injection?

I have a site that was reported by Google to be infected with the above code. In Webmaster Tools they gave an example of at least one page where the code was found.

Unfortunately for me (I don't know javascript) the code does not appear on any page when viewed live on the server-- it's only visible in the browser's VIEW > SOURCE.

So it is getting injected from some unknown file, and I still can't find it. The client, of course if apopleptic and I forsee hours of digging.

This site and a couple of others was hacked through Filezilla's XML password file. Javascript was only inserted into the first line of the index page. I changed the FTP password and that stopped. This latest episode (on only one of the 4 previously infected sites) may or may not be related.

I changed the FTP password and do NOT save them to the Filezilla site manager file any longer.

There is an email contact form on the site.

Any suggestions please?