Basically found couple of random HTML files in root and www directories, deleted them. Also the frontpage had code for hidden iframe that had src attribute with a value of 'androidczad.info' or something like that. It didn't load the iframe for me, however. Probably because it was between xml and doctype declarations (which is how I noticed it in first place - validator didn't like that). Unfortunately it didn't really occur to me to check the contents of index.php file in the www directory before I re-uploaded said file, after which the frontpage appeared clean.
Either way, I have changed the password for the FTP account by now. However, I am not exactly a security expert so I have no idea if it's some vulnerability or other issue in my website code, compromised account or something else that let this happen. Any sort of help would be very much appreciated.
Thanks in advance.
Edited by Starkku, 19 July 2012 - 11:11 PM.