Change all of your passwords. All of 'em.
From SSH/FTP to panel to email. And if you used the FTP password anywhere else, change that too.
Unless you change 'em all, and delete all those files, the little creeps just come back over and over and over again
If you're using anything like WordPress or Drupal, make sure you upgrade everything, too.