I am so sorry for my extremely late reply, I didn’t get any notification of your posts here.
In any case I cannot find any record of your donation. Can you please email me directly with the transaction number so that I can look it up and get this fixed for you?
Yes, please send me any new malicious scripts that you find so that I can get them added to my definition updates.
Please try again with version JB3Bi and let me know if it’s still not working.
I would hope that you don’t have to completely reload your site from scratch. If you want to send me the URL then I can take a look at it for you.
My plugin should run smoothly in conjunction with other security plugins, although I have had instances come up in the past with some other firewall filters that block my definition updates and even one instance of a firewall rule that blocked my scan page, but you can usually white-list these occurrences or disable the other firewall if it does interfere.
My Super Secure Hosting is available for $12/month per site to those who really need a place where their site will not be reinfected again. I recommend it for sites that are pro to attack or sites that just won’t stay clean on their current server. Once they are hosted on one of my servers they will not get hacked again.
I have already answered your “linkangood” questions on the support forums at wordpress.org, and the malicious “linkangood” scripts have been added to my definition updates, but I wanted to follow up here so that this issue would have the resolution posted and also to try and answer your second question here.
If your copy of WordPress is installed into a sub-sirectory under the public_html directory then it is the sub-directory where WordPress is installed that will be the root directory to be scanned. If you have a copy of WordPress is installed into the public_html directory then the scanner can start there and will then be able to scan all the sub-directories inside it.
I have added this script to my definition updates.
I just want to point out that this is ad code from a legitimate ad network, that is being used in this particular case by a user of their services to promote ads on your site without your permission. While these ads were injected into your content maliciously and without your consent it was not the fault of the ad network, however I do feel that they are partly responsible for allowing the misuse of their ad network to promote their ads on sites that have not given consent. It would be wise for them to require verification of consent by the site owner before rendering ads on their site.
Yes, let’s hope that changing the password is all you need to do to stop the hacks.
If it does come back though then I do offer Super Secure Hosting for $12/month per site, and I guarantee that will stop these hacks 
It is possible that there is a back-door on your site that is planting those DB injections, but it is more likely that the malicious injections are coming from outside of your site. If there was any malicious code in the files on your site then my plugin should be finding it. If it is only finding malicious injections in your DB then the hack is likely to be a direct DB injection using your DB credentials. First try changing you DB password and update your wp-config.php file to match. If the DB injections continue then I would suggest that you move your site to a move secure host.
It might be but I am not familiar with it by that name specifically. Can you send me an example of that malware so that I can confirm it for you.
I have just released a definition update for this new threat. Please make sure that you have the latest definition updates and run the complete scan again. That should find and fix this threat throughout your database.
It looks like there is one script leftover, maybe in your theme’s header.php file. If you can send me your header.php file then I will add this new threat to my definition updates.
The Complete Scan is an interactive processes that shouldn’t take more than an hour to finish and the automatic fix can be run at any point after a known threat is found, even if the scan is still actively running. I would like to help you figure out why the scan is taking so long if you are willing to work with me to figure it out. If you could start by sending me a screenshot of the scan in progress after about 15 to 20 minutes then I can probably tell a lot more about what might be casing this issue.
P.S. Sorry for the slow response time, my grandson has been in the hospital so I have not been as quick to get back to people s I usually am.
It sounds like the admin-ajax.php file is not working on your WordPress install. Can you check that or maybe restore the domain access to your site so that you can run WordPress at the normal URL for your site?
Yes, that will work. Please let me know if you need anything else.
P.S. Sorry for the late reply, my grandson has been in the hospital and I somehow missed some notifications.
It should not be taking more than an hour to complete, can you please send me a screenshot of the scan after it’s been running for a shot while so that I can see what might be going on?
