Compromised site

For reasons which I now regret, I find myself managing a client’s website to which some chaps in Mumbai added a WordPress blog about 18 months ago. I have no WordPress experience and, since the client said it was working fine, I did nothing other than take a database backup when I took over in February. (I learned how to do that in these forums – my first real use of phpMyAdmin.) They recently started having trouble – unable to insert images or links etc. I upgraded to the lates version whic fixed the problems for a week. I’m guessing it’s malware of some sort as now, when going to the site, Norton blocks attacks from a variety of Russian Federation IP addresses. Also, the time stamps on (only) the html files on the whole site keep being updated despite me not uploading any changes.

On investigating WordPress I found that the admin password was ‘admin’ and no secret keys had been setup. I’ve changed that but it hasn’t fixed the problem. I’ve looked at the obvious files and can find nothing suspicious – but then I wouldn’t expect it be obvious!

What steps do you suggest I take to clear this up? Clutching at straws – this site is on a shared server with an ISP, what’s the chance that the problem isn’t within this site but on the server?

Thanks

Bob