Best way to figure out this is check your FTP for last modified files. Shortlist the files which you see has been added or modified recently. Check the code of these file one by one. If these files are core magento files, than you can simply replace these files from another core magento files

Also check your magento admin configuration if any malicious code is inserted in below two locations -

System > Configuration > Design ( From Left Menu ) > HTML Head >  Miscellaneous Scripts

and

System > Configuration > Design ( From Left Menu ) > Footer >  Miscellaneous HTML

Remove any unwanted code from here.

For further investigation, you need to take help of a magento expert or developer

Agree, first see your file history if they are getting modified in a regular interval then infection should be still there on the server.

Note, the bot can see these at the greater level at it scans the code.

Google webmaster can give a good idea about infection and location.

As far as the fix is concerned, a very simple approach would be to install wordpress and then install website scanner plugin and then run a complete scan of the root (/). And then see the origin of infection and clean it manually.

Once you are done with complete cleaning then install latest patches and ensure your got correct permission set on the server.

Thank you for sharing the solution as well.

Thanks, for help.