the problem is in a webserver, vps, or what?
we have access to log webserver?
what os is, red hat, centos??
we have access ssh?
how many client have in the web server?
the problem is in one web site client or in all web sites hosted in the server?
6 task? sorry only 4
1.- check log web service, if apache httpd log (determine location of the malware)
2.- check and fix database, for injection code(if need fix)
3.- check and fix code web site
4.- check all web site hosted in the server and fix if needed