Your going to have to have FTP or SSH access to the site in order to fix the issue. Below are some steps you can take:
1) First, do you have a “clean” back-up of your site, if so, just restore it from that.
2) If #1 doesn’t apply, do the following, check all .htaccess files, index.php files and any include files or theme files you may be using.
3) Also, check above your web directory (usually above public_html, httpdocs, html, etc) for an .htaccess file that will override anything in your web directory.
4) Remove any code that you find in your “legitimate” files that matches any of the following (Note – this isn’t an all exhaustive list, it’s the most common issues I’ve seen):
a. “eval(base64_decode(…..”
b. “edoced_46esab…”
c. “getMama…”
d. “115,99,114,105,112,116….”
e. “document.write(‘<iframe…..”
5) Look for any php files in any image, css, upload, download, etc directories that would not normally have a php file in them. Check the file contents for base64 strings and thing that point to it being a php shell such as “FilesMan”, “c999sh”. If you find files like this, DELETE THEM.
6) Once you’ve cleaned your site – UPGRADE it if you are not running the latest version to remove any possible publicly available vulnerabilities.
7) Also I would recommend checking permissions; files should be at 644 and directories at 755 (this depends on your hosting company/server – this is the most common setting). Change your cPanel and FTP passwords.
8) Once you have completed all those steps, go to http://www.google.com/webmasters and if you don’t already have an account create one (Obviously if you have one – skip this step).
9) Once you’ve created your account, add your site, then on the left hand side, click on “Health”, “Malware” . If they have you flagged, and you have cleaned your site, submit it for re-evaluation. This usually will take between 48-72 hours before you are cleared.
Hope this helps
