Today I found it included in a file that is included in the home page in a very indirect manner. A script grabs the weather conditions. Another script runs the weather conditions hourly and writes it as an html file. The html file is then included in the home page. Getting something into the home page that way seems pretty sophisticated to me.
In any case, despite all we've done it keeps coming back. The host company is a small business that has been around for a long time and has been very good about solving other problems. The server, CF8 and IIS6, is shared hosting, but with a rather limited number of sites. Only my site is being affected. We've ran HackMyCF.com, ran antivirus scans and reinstalled problematic software.
On my end, I've scanned my PC with Microsoft Security Essentials and Kapersky. The FTP password, which we've changed twice, is stored only in Dreamweaver CS5.5 and in a password-protected spreadsheet. Otherwise it's typed in. My employee has a new laptop and only types in the password. I host about 50 websites with various companies. My primary site is the only one with a problem.
What can be done? This has become a major pain, to say the least.
Europe, Middle East and Africa