Thread: Virus/Hack
06-17-2011, 01:27 PM
harvey
We cleaned it last week from a client's server, but the motherfucker infected my computer and it took me 2 days to clean everything. You probably got it from an image redirect; it's the new trend.

Anyway, it's a very tedious task, but look for each and every strange file on your server. Then open your PHP and HTML files and look at the bottom; you'll probably find an image src (or, depending on the version, some JS). Delete it.

Now check your site using Chrome or Safari. DO NOT USE IEXPLOITER (why would anyone?) and, sad to say, DO NOT USE FIREFOX 4! It has a bug that allows images to load as exe.

If it's clean, time to clean your PC. The only antivirus I know of that catches it is ESET NOD, but maybe other antivirus programs have been updated. This is what I did:

1) log in safe mode
2) run SuperAntispyware
3) run ESET NOD (you can run your AV program)
4) checked registry and cleaned a couple entries left

Once you do that and your computer is clean, have your FTP password changed. DO NOT LOG IN TO YOUR SERVER VIA FTP UNTIL YOU DO THIS! Use a very hard-to-guess key, and if your server allows SFTP, then USE IT!

If everything goes fine, your server and PC will be clean and you're safe to go.

As a general precaution: do not pay attention to "server techs". 90% of them are morons who can't even turn on a computer, much less know about servers. And the chances of you getting one of the remaining 10% are really slim.
__________________
This post is endorsed by CIA, KGB, MI6, the Mafia, Illuminati, Kim Jong Il, Worldwide Ninjas Association, Klingon Empire and lolcats. Don't mess around with it, just accept it and embrace the truth
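The manual check described in the post above (open each PHP and HTML file and look at the bottom for an appended image src or JS) can be automated as a review aid. This is an added example, not part of the original post; the function names, the choice of `</html>` or a closing `?>` as the end of a normal page, and the inclusion of `iframe` are assumptions.

```python
import re
import sys
from pathlib import Path

# File types the post says to open and inspect.
WEB_EXTENSIONS = {".php", ".html", ".htm"}
# Markup the post says gets appended: an image src or some JS.
# iframe is not mentioned in the post; it is included as an assumption.
INJECTED_TAG = re.compile(rb"<\s*(img|script|iframe)\b[^>]*>", re.IGNORECASE)
# Assumed end of a normal page: </html> or a closing PHP tag.
PAGE_END = re.compile(rb"</html\s*>|\?>", re.IGNORECASE)


def trailing_injection(data: bytes):
    """Return tags that appear after the last </html> or ?> in data."""
    ends = list(PAGE_END.finditer(data))
    if not ends:
        return []  # no recognisable end marker: review this file by hand
    tail = data[ends[-1].end():]
    return [m.group(0).decode("latin-1") for m in INJECTED_TAG.finditer(tail)]


def scan_tree(root):
    """Map each web file under root to the trailing tags found in it."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            tags = trailing_injection(path.read_bytes())
            if tags:
                findings[str(path)] = tags
    return findings


if __name__ == "__main__":
    # Usage: python scan_tail.py /path/to/webroot
    # Hits are candidates for manual review, not proof of infection:
    # a PHP template fragment can legitimately emit markup after "?>".
    for name, tags in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name)
        for tag in tags:
            print("    " + tag)
```

Run it against a copy of the web root and review each flagged file before deleting anything.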