Advice on how to fix exploited website?

StaticNoise

Hi all.
I'll get straight to the point:

I have several websites, and I work with other ones. I wouldn't be a big time web developer or coder, but I do know my way around the neighbourhood.

However, some of my websites were flagged by Google recently as containing malware; infected with Javascript, it seems, and other pieces of garbage that point to .ru domains and other .js pages, all exploits it seems.

One site contains Wordpress, and I did an automatic reinstall and it seemed clear. However, people are worrying me as they notice its still kicking off errors and warnings. AVG's online scanner indicates there is a ""Link to Exploit Site (type 1334)"", yet I thought I cleaned most of it, if not all, away.

Has anyone any advice on the problem and how to deal with it?
I have heard rumours that my FileZilla could have been exploited due to the passwords being stored in plain text, but it doesn't all add-up.

I appreciate the help.


(Please note, I can't publicly, I think, post links to the websites, as I am not in ownership of all the sites involved, and I don't really want the URL's being linked to this post )

tricky D

A bit rusty on this but it goes something like...

Check all the .htaccess files everywhere on your server space. There's sometimes a redirect hidden away in them.

Change ftp password from a different computer than the one you usually ftp to/from.

Clean your regular computer thoroughly. (Virus and malware forum might help - READ THE STICKY)

Ensure the .js call or the iframe calls are (text) edited from your local backups and then upload them.

Takes a while for the all clear after the review request to Google. You might need to check at http://www.unmaskparasites.com/.

Filezilla is indeed a weak point due to transferring passwords in plaintext. Use an sftp client or your isp's upload tool.

StaticNoise

Done the above and still kicking problems.
Full site download is not feasible.