I've had the same problem (and am still dealing with it). My site was hacked by a Malicious script code, which even after I deleted my file, reoccurred over and over again. Here are some suggestions:
1. Most important: Contact your hosting provider and let them know that your site has been hacked. Tell them that you are working on getting it removed. If you do not get this taken care of, they could shut down your site completely and/or remove all your files without even backing it up. It might also be that you'll need to remove your file and ask that your hosting provider to delete your hosting account and give you another one on a different server.
2. Do a complete backup (via FTP only) onto your computer. Search each .php file (yes, one by one) and remove the Malicious script. The script in embedded into the bottom of all index.php files, AS WELL AS other .php files. Unfortunately there is no telling exactly which files have been effected. You'll have to do this manually. DO NOT download the latest copy of WordPress and just copy over your existing files. This will make a lot bigger mess. (Make sure to take note which files were effected as you'll only re-upload these files).
3. DELETE everything off your server EXCEPT the WordPress files (and don't delete the effected files). CHANGE all passwords to something very difficult (letters, numbers, characters, lower and uppercase). And if you have access to your cPanel, delete your mySQL database and create a new one (If you do change your mySQL database, then you'll need to update the information on your wp-config.php as well).
4. Re-upload ONLY the files that had been effected into their appropriate folders.
5. Immediately install the Secure WordPress plugin and active it. THEN delete ALL other plugins that you are not using. Go through your plugins and themes and delete everything that you're not using (or don't really need).
6. Delete the "admin" user account. Create a new account under a new name, assign the role of admi nis tra tor to that user, then sign in under the new user and delete the “admin” account. REMEMBER, make sure to use a strong password.
7. If you feel ambitious, rename your default data base table prefix (which currently is "wp_"). This is very involved and takes time. Here is a tutorial: http://bit.ly/61z0Jk
8. Say a prayer. Say lots of prayers :)