Run an anti-virus scan on both the server and any computer you use to access the site.
Run an anti-malware/spyware scan on both the server and any computer you use to access the site.
Once the above state that there is nothing found, change all passwords for ftp, admin panels, etc with strong passwords.
Make sure that the version of wordpress that you’re installing is the latest stable version and for the time being don’t install any plugins, it could be that one of the plugins you were using might have a security hole.
The problem is not on your website but on the underlying web host server. I guess someone has hacked the http server or similar. Anyway, it appeared that all sites on the web server you’re using had the same problem (including one of mine). I reported this last night and it appears to have been dealt with this morning between 6am & 7am.
Must admit I spent 3 hours trawling through my website code before accepting that it wasn’t in my site so it must be the server.