I found the malware hiding in the header.php file in the Theme/Basic/ directory. Not sure why it wasn’t found when I downloaded the file to my desktop and ran my malware software, and not by GOTMLS, but was found when I ran online scanner: SURCURI.NET, but it only reported the directory /about/ which in wordpress didn’t exist.
Putting the malware in the header.php makes almost every page seem like it is infected when it displays.
I will keep and use this software. I donated.