I'll double check the process, thanks for that tip. When we were hacked they didn;t place anything in the database but in the root directory so I am thinking that because the server is set to allow the scanning of folders this could be an issue. There is some code that also reveals the directory path but that is a Dreamweaver issue and nothing to do with Webassist. I have to do a few things to hide this as well.
Thanks again for your quick responses.