As vonskippy said you need to start fresh.
As for how it happened, could be one of a number of things, common attack vectors are:
SSH brute force attacks, have you disabled ssh password access?
Compromised web scripts, if you're using open source software is it all up to date?
Out of date packages, is your system up to date?
_________________
Paid supportHow to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue