ubuntu – Malware keep editing index.php and .htaccess

I’m running different sites over apache, and I’m having a very serious problem that I don’t know how to solve.

There are some sites inside the /var/www folder which are constantly edited by a malware, infact at 02:41:06 of today my .htaccess and index.php has been edited:

htaccess: was changed with new line of code that preventing to load php files

index.php: was completely replaced with a new one which contains some strange goto lines.

also new directory with strange names keep appearing, eg: xgije, jdqz1, aex6zq

and also each time a file called class-wp-widget-archives.php is created that contains this stuff:

enter image description here

what I can do for fix this?