To remove all malicious code from your websites please do these all points:
1. Ensure you were not using any malicious line of code in your project (Website). When you are not 100% sure about the functionality of used line of code, script and CSS class file, please remove them.
2. Replace all anchor tag blank href property with return void(0).
3. If you are using MVC architecture then use Microsoft DLL “AntiXSS” to prevent malicious line of code with your fields.