- Most likely these exploits are caused by compromised FTP credentials. So start with your own computer. Scan it for spyware. Some people reported good results with Malwarebytes.
- Then (from a clean computer) change FTP passwords.
Try not to store them inside programs that you use to upload files to a server. - Whenever possible use secure connections. I.e. use SFTP instead of plain FTP. Many shared hosting plans include SFTP.
- Finally, remove the malicious code from all server files (.html, .php, .js, etc.). The easiest way to do it, is replace them with clean files from a backup.
How to clean viruses from web pages
How to clean viruses from web pages
To clean the virus, follow given steps.