Yeah First even I didn't believe they are doing this, First I also thought I got hacked through my website, and did nearly everything to protect it, even changed username and password to some 50-55 characters random password with mix of alpha, numbers and lots of symbols, even I had to write them on a text file.

The very next day, the trojan downloader was again there in my themes footer. then I asked them to change my cpanel password to more secure one, they did it, Then I changed permission of all my theme files to "Read only" from cPanel so that it cannot be modified from inside the wordpress admin area but guess what, next day I found that the file "wp-blog-header.php" was modified which is only accessible from inside the cpanel.

After getting confirmed that my cpanel is hacked I asked them to change my password again and ask them for the log of who accessed my cpanel from which Ip address and modified which file, but even after waiting for one whole day my cpanel's password didn't get changed and my wordpress files are being modified every half an hour after i clean them again.

After 2 days they closed the ticket without answering about password change or the request to access logs.

To save my website ultimately I had to signup for other web host and shift my website there, and from then its doing good without any problem.

I said what I suffered now its up to you guys what you conclude from this.