There is a virus which uploaded numerous files on my FTP accounts with following code.

Note : I have deliberately added ~~ to the js file name so it is not executed actual name is popup2_254.js

It seems that virus uses my FTP program and login to the accounts configured there and then Add the above code there.

Why this must be happening ?

I am a Freelance Web Designer and have many sites configured in that FTP program with passwords stored but this virus adds code only in index file, Be it HTM or php or asp.

I use avast home edition.