Forum Replies Created
-
AuthorPosts
-
It sounds like something is interfering with the page loading on that site or the wp-admin on the site is really broken. Do any other pages load in your admin?
Can you check the error_log files on your server and send me a screenshot of the problems?
If you have already registered the key and you’re not sure what email address it’s registered under then you can click on the green checkbox in the upper-right corner of the Anti-Malware Settings page in your wp-admin to open the registration form, then fill out the registration form with the email address you would like it to be registered under and re-register from there.
Thanks for sending me this code sample. This is another variant of a widespread threat that has popped up recently. I have updated the definition with this new variant so my plugin should now be able to find and fix this one too. Please download the latest definition update and let me know if there’s anything else.
Thanks for donating, you can register all your sites under the same email address and then the keys will all be on the same account so that your donations count towards all of them.
My plugin should remove the malicious code from your infected files to stop the spread of this script, but if you already have a bunch of script tags in your DB then you need to remove them manually.
I am working on a DB Scan feature for my next plugin release and your donations help me allocate time to maintaining and improving this project, so thanks for that and look for this new update soon.
In the meantime you can try running an SQL statement like this in PhpMyAdmin:
UPDATE wp_posts SET post_content = REPLACE(post_content, '<script src=\'https:// some malicious domain here / malicious script.js\' type=\'text/javascript\'></script>', '') WHERE post_content LIKE '%<script src=\'https:// some malicious domain here / malicious script.js\' type=\'text/javascript\'></script>%'
Replace both instances of “https:// some malicious domain here / malicious script.js” with whatever path is used in your injected script tags, and don’t forget to escape any quotes in the HTML strings, and it may or may not have “type=’text/javascript’” or other properties in it so check that it matches the code injected into your posts.
If you don’t have access to PhpMyAdmin or another DB utility to execute SQL statements then you can download my EZ SQL Reports plugin (elisqlreports).
Let me know if you need more help.
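An added example, not part of the original reply and not the plugin author's code: the same cleanup wrapped in a backup, a preview, and a verification step. It assumes MySQL or MariaDB, the default wp_ table prefix, and a constructed placeholder tag on the reserved domain malicious.example; the backup table name is also an assumption.

```sql
-- Constructed placeholder tag: replace every copy of it below with the exact
-- string injected into your posts (quotes escaped, attributes matching).

-- 1. Keep a copy of every row that is about to be modified.
CREATE TABLE wp_posts_backup_injected AS
SELECT * FROM wp_posts
WHERE INSTR(post_content, '<script src=\'https://malicious.example/x.js\' type=\'text/javascript\'></script>') > 0;

-- 2. Preview what will change. Revisions are stored in wp_posts too, so
--    expect several rows per affected post.
SELECT ID, post_type, post_status, post_title
FROM wp_posts
WHERE INSTR(post_content, '<script src=\'https://malicious.example/x.js\' type=\'text/javascript\'></script>') > 0;

-- 3. Remove the tag. INSTR avoids LIKE treating % or _ in the tag as wildcards.
UPDATE wp_posts
SET post_content = REPLACE(post_content, '<script src=\'https://malicious.example/x.js\' type=\'text/javascript\'></script>', '')
WHERE INSTR(post_content, '<script src=\'https://malicious.example/x.js\' type=\'text/javascript\'></script>') > 0;

-- 4. Verify. REPLACE is case-sensitive while INSTR follows the column
--    collation, so a non-zero count here means a copy with different
--    letter case is still present.
SELECT COUNT(*) AS remaining
FROM wp_posts
WHERE INSTR(post_content, '<script src=\'https://malicious.example/x.js\' type=\'text/javascript\'></script>') > 0;

-- 5. Look for variants of the tag (different quotes or attributes) that the
--    exact string above did not match.
SELECT ID, post_type, post_title
FROM wp_posts
WHERE post_content LIKE '%<script%malicious.example%';
```

Drop wp_posts_backup_injected once the site has been checked and a second scan comes back clean.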
Thanks Alain for allowing me access to your sites. I found this new threat in your header.php files and I added it to my definition updates so that it too can be automatically fixed using my plugin.
I ran the scan again and cleaned both sites and my plugin fixed a bunch of infected files in your theme and in some other plugins. Then I found that there were some SQL Injections in your DB so I removed those for you too. Now both your sites are all clean.
Please consider making a donation for my time on this, and let me know if you need any more help.
September 21, 2018 at 10:43 am in reply to: Can I send you some files that were marked as bad? #2161
I would really like to help you understand why those files were flagged as malicious. Yes you can send me those files if you need to but you can also examine the results of the scan by clicking on the files listed to see the contents and then click the numbered links to highlight the malicious code in the file (hovering over the numbered links will display the threat name).
September 20, 2018 at 10:48 am in reply to: Malicious code found in wp files but website still redirect to unknown website. #2159
On closer inspection it looks like this last malicious javascript is included from content in your database. Try looking for the script tag in content right after the last subheading on your home page.
September 20, 2018 at 10:24 am in reply to: Malicious code found in wp files but website still redirect to unknown website. #2158
Have you run a second scan to make sure that there are no remaining threats, and that none of the original threats have come back?
Just follow the same steps that you did the first time you installed the plugin: Get the free key (which should match the key you paid for) and that key should already be registered and show your donation. If not then just register that key under the same email address and it will then show your donation. If you have any trouble following these directions please send me a screenshot so that I can see where you’re at.
You have already unlocked the core file definition and the automatic update feature with your donation so now you just need to click the automatic fix button and my plug-in will automatically restore those core files that have been changed.
If it’s not a session issue on your server then maybe you have another plugin or firewall that is blocking rewrite scripts from loading within the wp-content directory?
As I mentioned in my first reply, it would help if you sent me a screenshot of the firewall settings page in your wp-admin.
In general this message indicates that your server was either unable to start a persistent session or that the rewrite rules in the .htaccess files are not effective. There could be many causes for this that you should bring up with your hosting provider. Maybe you have restricted access on some directories or there is a permission problem on a certain folder. If your hosting provider is not helpful in this and you can send me a screenshot of the Firewall settings page then I can try to help you troubleshoot further.
You can unregister a site or transfer your registrations from the members page. Or you can simply re-register a site by clicking on the green checkbox in the upper-right side of the Anti-Malware Settings page in the wp-admin on that site.
The scan will also automatically skip empty files and whitelisted files and this is ok, it does this to speed up the scan process. If you hover over the file listed it will pop up and tell you why it was skipped.
If the scan finds a file that is marked as a Known Threat then you can click on the red linked file to examine the contents. There you will have the option to whitelist that file, however, this is a passive action that does not really solve anything and ignores the bigger issue. Either you are whitelisting an infected file that contains malicious code which should not be whitelisted or my plugin is incorrectly flagging this code as a Known Threat when it should not be. Can you please send me the file or files that you are wanting to whitelist so that I can check them and make adjustments to my definition updates if needed?