If you have SSH access to the server, and the website isn't usually
modified that much, I suggest you try the following:
- Log in through SSH
- Navigate to the website directory
- Execute the command
find . -mtime -1 -type f
This will give a list of all files which have been modified in the last
day. This way you can manually check them and remove the malicious code
Should the exploit have been installed earlier, you can expand your
search to go further back e.g.
find . -mtime -3 -type f to go
back 3 days.
Do note this is just a quick fix for a single website, chances are your
server has been completely compromised, in which case you either need to do
a full reinstall as already stated above, or get some professional