If your computer - or that of anyone who ftp's to your website - is ever infected with a trojan or virus, it's not enought to just get rid of the infection on your computer's hard drive - you also have to change your passwords to your website - either from a different computer or after your own computer has been thoroughly cleaned by your anti-spyware, anit-malware and anti-virus programs. And then keep checking the code on your files.

Sad experience - My hard drive got this trojan from some infected website, I got rid of it on my hard drive, but then learned a week later that the trojan had gained access to my website and injected pages with a hidden i-frame that infected anyone who came to the site.

I'm not sure, but I think it may have gotten the passwords and log-in info from an old ftp program I had (and have since gotten rid of) that storied the password in an ini file.

These injected iframes are horrible - because you can go to a trusted website, but if it's been hacked, you can't tell just looking at it. I've since gotten a new more powerful firewall, new security suite, etc. What a nightmare.