Ultimate Branding - script injection?

We noticed yesterday that when accessing the main site that a test.js file was trying to be loaded from an external site http://hotemoguys.seyi.am. I found that this code <script src+http://hotemoguys.sexyi.am/test.js> was added after the custom footer text. When I delete the plugin all is well. When I re-installed, same issue again. Firstly, how to remove the code left behind and secondly, how can this be prevented in the future?

Thanks,

Matt