htaccess Elite

I have a problem in my web site it is a virus which try to inject every time it can a sort of code in my own php script of the index page this code is a kind of <iframe .... ></iframe> it includes a web site which is signaled by my antivirus (on my PC) as a spam site so I have deleted this code from my pages but it is returning on my site ... I called the web hoster they said that it is a php code which modify my pages injecting this code and it is enjoying the lack of the security so they ask me to do a sort of an access control to my pages sothat I prevent it to play its game ... When I asked them how can I do this control they answered that I should use a .htaccess ... But about htacess I know that it is a sort of technique to make a password/login access to some of directory and/or files but My site is public and about access control I don't know how to use this htaccess file to prevent spam codes to play with my php files [ I already changed all my files to 444 permession (read only for all users) ] But I am worry about this virus that I can't find its source ...

Please Help !

PS : I am sorry for my weak english .