You need to restore a known clean backup of the site and then you need to plug the hole that allowed the breach. That could be as simple as changing an FTP account password (which I'd do regardless if you use FTP), but it could be much more complicated too. If you don't fix the cause of the breach it will just happen again.