Replaced all the core files/changed passwords yesterday again and did another check to the files. It seems now that my problem is solved as site is still up and running. Perhaps I missed few files on the first time.
Did the same yesterday, replaced all the core files and checked the database and i thought it was clean. Today noticed that files were again injected with base64_decode and javascript files were altered as well with sweetworld.co.uk links.
