400? That sounds pretty bad. The most likely reason for this is that the files are read-only or that the httpd/apache user on your server does not have sufficient permission to write to those infected files. This could be because the hacker locked the files after infecting them or just that you server’s security setting are really strict.
If you want to send me your WP Admin login to your site I will check it out for you. There may be a simple workaround for this and it will help me to see how different servers react to different methods of fixing this issue.
Don’t post you credentials on the forum though, just email them directly to me: eli at gotmls dot net