Javascript malaware in my blog

Hi! Since two weeks ago my site started to appear as “dangerous” to some readers (google, chrome, firefox…). A quick check show me that it were some iframe hide as a javascript code in the footer.php of my theme. I deleted it and the problem went away, but the problem is that it happened again. The same idea, but pointing to another malaware place*. The site is hosted in a shared account on dreamhost. I filed a ticket yesterday, but still I don’t get an answer.

This has been happening for three times in two weeks so I decided to “down” the blog for a while until I found a definitive solution.

I’m really confused because I can’t find the problem and also I can’t find a way to diagnose where’s the problem. I have changed all the passwords to access the server, only the owner of the file has access to write the file, I followed the steps from the codex, but without luck.

I use some plugins with the blog, but disabling them it’s not an option because the make the site works.

I’m using the latest stable wordpress and my os is Arch Linux.

Basically… how can I diagnose where the problem is so I can treat it effectively? I’m really lost and I don’t know where should I start looking so any help pointing that out would be greatly appreciated :).

* At least in my impression it’s different from the issue that is caused with the pettazeta stuff.