So this was the scenario our client was faced with.
Their site had been taken down by Google and it was not known at this stage whether the site (Magento-based) had been hacked, or the server company hosting the site had themselves been hacked. Either way, the customer wanted the site to be moved to a new host and they wanted the site fixed and operational again as a matter of urgency.
We immediately prepared a quote for the hosting and offered a rough cost and timescale for fixing the site, both of which were quickly agreed by the client, allowing us to begin work right away.
The site was moved from the original server to our new optimised Magento hosting servers within 2 days. Once the site was successfully moved, it was fixed on the 3rd, and the domain name was transferred to our control and switched on the 4th.
After several code tests, we were satisfied that the site was now clean of anything malicious and contacted Google to initiate the process to get the site removed from their blacklist: https://www.google.com/webmasters/hacked/
This particular fix involved the following steps:
Reset an admin user password to gain access to the admin console.
Cleared out the fake users that had been created by the hack.
Removed hacks from the core/lib code.
Removed Magepleasure_Filesystem files.
Had a look at the system config and removed the dodgy code inserting an iframe (this we think was the reason Google was flagging up the site as dangerous).
Installed all patches and patched templates where needed.
Checked all the remaining extensions.
Checked payment methods.
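An added example, not part of the original write-up: one way to carry out the system config check from the steps above. It assumes a Magento 1 store whose configuration rows have been exported from the core_config_data table as (path, value) pairs; the two design/... paths, the domains and the sample rows are constructed for illustration, since the write-up does not say which setting held the iframe.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that make every storefront page load content, and the attribute holding the URL.
LOADER_TAGS = {"iframe": "src", "script": "src", "embed": "src", "object": "data"}

class LoaderFinder(HTMLParser):
    """Collects (tag, url) for each content-loading tag in one config value."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = LOADER_TAGS.get(tag)  # HTMLParser lowercases tag and attribute names
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.found.append((tag, url.strip()))

def suspicious_config(rows, own_hosts):
    """rows: (path, value) pairs exported from the config table (assumed format).
    Returns (path, tag, host) for every loader that points outside own_hosts."""
    hits = []
    for path, value in rows:
        if not value or "<" not in value:
            continue  # a value without markup cannot inject a tag
        finder = LoaderFinder()
        finder.feed(value)
        finder.close()
        for tag, url in finder.found:
            try:
                host = urlparse(url).hostname  # None for relative URLs (same site)
            except ValueError:
                host = "unparseable"  # a malformed URL in config is worth a look too
            if host and not any(host == h or host.endswith("." + h) for h in own_hosts):
                hits.append((path, tag, host))
    return hits

# Constructed sample rows; shop.example stands in for the store's own domain.
SAMPLE_ROWS = [
    ("web/unsecure/base_url", "http://www.shop.example/"),
    ("design/head/includes", '<link rel="stylesheet" href="/skin/extra.css"/>'),
    ("design/footer/absolute_footer",
     '<script src="//www.shop.example/js/track.js"></script>'
     '<iframe src="http://stats.invalid/in.php" width="1" height="1"></iframe>'),
    ("design/head/includes", '<SCRIPT SRC="HTTP://Cdn.Other.Invalid/a.js"></SCRIPT>'),
]

if __name__ == "__main__":
    for path, tag, host in suspicious_config(SAMPLE_ROWS, {"shop.example"}):
        print(f"{path}: <{tag}> loads from {host}")
```

Inline scripts that build an iframe at runtime have no src attribute and are not reported, so any config value containing a script body still needs reading by hand.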
Happily, Google lifted the site off its blacklist a few days later and our client's website was back online for the world to see.