Malware OxsanaSiberians.com Attack!

Am with an old 3.0 wordpress for atable.com.
This morning I got a Google Adwords alert because the site had been blacklisted for a malware.
I checked the site and found the .htaccess had been modified. I restored it and changed all FTP & WordPress passwords, and changed permissions ot more restrictive for .htaccess.
I asked in Google Webmaster Tools to recheck the site. It was OK in FF & MSIE but still showing Googlemalware alert on Chrome.
Then tonight I got another alert from my host (1&1). I checked: the site had malware alerts on all browsers, and if I went anyhow, I had a 403 error. I changed again the permissions for .htaccess, but then I had a blank page instead of homepage (or anyhthing).
I checked further: the header.php of all themes had been changed. I restored. I also saw a number of strange changes on files and folders. I restored to 0755 and 0644.
I found a script to check file changes and there are no other than .htaccess and header.php.
A scan at sucuri.net sitecheck as well as google webmaster tools report an iframe into https://oxsanasiberians.com/downloads/stats.php.
Apparently this is the biggest attack these last 48h (450+ sites infected) but I can’t find further information.
I have no idea where it is injected… because I can’t see changed files…
Any suggestion what to do?
I mean, beside that I should upgrade security and wordpress… as an emergency, I need get this site running again!
Thanks, Agnes