The Exploit Scanner plugin can help detect damage so that it can be cleaned up. Other things you should do:
- Change passwords for all users, especially Administrators and Editors.
- If you upload files to your site via FTP, change your FTP password.
- Clear FTP logs on your local machine, especially if you are using FileZilla on Windows
- Re-install the latest version of WordPress.
- Make sure all of your plugins and themes are up-to-date.
- Check permissions of your files/folders in the install.
- Check .htaccess file (Apache) for any additional rules added.
- Update your security keys.
- See FAQ My Site Was Hacked.