First up, I am very new to web development, so if you dislike dumb questions this probably isn't the thread for you. Hopefully this is the right forum, apologies if not.

I've put together a couple of basic sites before, but I'm really at self-taught barely-above-beginer-level, so any help would be gratefully received. I'm looking at rebuilding a site for a local not-for-profit group. We're planning to put up a Wordpress site, but before even getting started we've found that the existing site has a trojan.

It's called JS/IFrame.gen.j, and intermittently forces the site to redirect to another URL.
I gather it exploits an iframe vulnerability, but that's about as far as my understanding goes.

So...not sure what to do about it. The hosting company have been less than helpful, their virus scanner doesn't detect it, and they just said "correct the code not to use the iframe". I wouldn't even know how to go about finding it, let alone removing/correcting it.

A few things I'm wondering...
  • Should the hosting company be more helpful here e.g. identifying the infected file
  • How would I go about finding & dealing with the trojan?
  • How would it likely have got onto the site in the first place?

Thanks for any help