This kind of virus is very popular it can be malicious or for just harmless ads.
First of all change the file permissions. There is a free scanner named SiteCheck they can help you find the malicious redirects that is causing trouble. The code may be rooted in .htaccess file or somewhere in the code of your PHP files like header.php, footer.php or in your root PHP file i.e. index.php. Check for them and remove them. There maybe the code that is making the zip file and causing redirects. Next is wp-config.php file , it is vulnerable too move it to the root directory(WP automatically checks for it in root directory if it is not in default location). And if you have common username i.e. admin change it to unique username it may be just in case useful and prevent a percent more away from the reach of hackers. And there are other measures you need to be taking to secure your websites. Take time maintaining your website.