It appears that I didn’t manage to purge all traces of infection on my website at my previous attempt. A visitor who had come via the Selfsufficientish forum kindly took the trouble to drop me a note that they had seen a warning message and so I have been digging deeper.
Unfortunately, there doesn’t seem to be a single tool that reliably picks up all potential problems. This time I copied the entire site back to my hard drive and Sophos antivirus picked up about twenty infected javascript files. The infection appears to have occurred at about 6pm on 30 August and all those have now been dealt with. I also spotted an unfamiliar set of files that may have been a rootkit (also zapped). Possibly I had some file permissions set too open which allowed the infection to occur although it seems to have been a single hit.
While I’ve got a copy of the website, I’m also going to perform a couple of extra checks for other suspicious patterns and I’ll change the site password again; hopefully at last I will be free of the problem.