I've been fighting malware on one of my WP installs for a week or two now. It injected iframes into index files, which is common and I've been dealing with these sort of problems before. However, this time it took me a while to find the script injection they used (if it actually is a script), none of the scanners I used (securi etc) found it. I removed the iframes, reinstalled core wp files, found and removed a c99 injektor but the injections keeps coming back. And now other sites on my VPS has been infected.
I need for you to clean it up, and take a look at 2 sites which have been affected.
VPS is running on litespeed, uses whm/cpanel etc.
Just ask me if you have any questions or want the URLs.
This is my private sites so I don't have a huge budget for this.