My friends website seems to have malware on it, however, I am unsure exactly how to remove it. They are using a javascript which reads from another infected site, and this in turn loads the malware. the function seems to be obfuscated in some way. Also, this javascript is present on any page which I view on the website. Sorry for vague details, but the function starts like this

<!-- Google analitics BEGIN -->

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "' type='text/javascript'%3E%3C/script%3E"));
After which there is a large section which doesnt make any sense. The main thing is actually finding exactly where they've inserted the function, as its not just inserted simply on index.php. If someone very trusted is willing to help me out, I can discuss more in private.