Sorry to be so late jumping in here, but here goes.
Many of these and other website infections are the result of stolen FTP or other login passwords.
These are typically stolen by a virus on a PC that has FTP access to the infected website. Especially when the website has been re-infected a few times.
I know everyone has anti-virus software installed, however, with so many variants of viruses the anti-virus (AV) companies have a difficult time keeping up. All it takes is one minute that your AV software isn't up-to-date and you can be infected (well, your PC).
From there the virus learns how to evade detection of the AV software. If you're using one of the free FTP programs, like FileZilla and you store your passwords in the software so you don't have to login each time you want to transfer files, the login credentials are stored in a plain text file.
For FileZilla, you can see the file here:
C:\Documents and Settings\(user)\Application Data\FileZilla\sitemanger.xml (user could be Administrator if you're logging into your PC as Administrator)
All the information a virus needs is stored right there in plain text. It steals this information and sends it to a server which then logs in to the website downloads files, injects the malscript and then uploads them back to the website. If you have your FTP logs activated, you can see where the infected files came from.
The virus also works by "sniffing" the FTP traffic. Since FTP transmits all data, including username and password in plain text, it's easy for the virus to see and steal the information this way as well. I have a YouTube video showing this here: http://www.youtube.com/watch?v=oYI1kssrrbc
Like I said the virus learns how to evade detection of the currently installed anti-virus software so you may need to use something different. Many have had good success with one of the following: Kaspersky, Avast or Vipre. If you're already using one of these, then try one of the other two - it has to be different.
So, first change all FTP passwords. I generally recommend setting up a separate username and password for each user and make sure FTP logging is activated. That way if you do get infected, you can look in the logs and know for certain who was cause.
Second, install a new AV and scan all PCs.
Third, remove the malscripts. If you have your website downloaded to your PC, you can use a program like grepWin (it's free) to find and remove the malscript.
Fourth, if Google has blacklisted you, you'll have to request a review from the Google Webmaster tools.
We clean websites for a living so I do know what I'm talking about here.
arthur_22
redkathy
Chris Reynolds
Hulbert Lee
WeWatch
Steve D
blogadmonkey
derekbanas
helpme11
ClaytonJames
anomalousmaterial