Recently a malicious code was inserted inside my website. It was inserted into the source code of a URL such as www.mysite.com/page/2?sort=name now my question is how do I remove this malicious code from this URL. Do I have to go into database or is it in the FTP. I am using wordpress btw. Thanks.
Perform a scan with clamscan OR maldet on the files, folders & databases. This should help in showing the injected files.
grep for php functions like base64_decode, symlink, system, exec, popen, eval then search every *.js *.html *.php file for iframes / malicious jscripts. Once you have found and removed the backdoor code you will need to find the point of entry so this dont happen anymore.