Thanks again. I have added this new file to the definition update. Thanks too for the suggestions, I am also working on improvements and appreciate any and all feedback.
I removed the malicious code that you posted here because of all the malicious links in it. Plus, it was reformatted for the forum and missing the PHP brackets and other content that was in that file so it was not very useful to me. I could tell that it was very like the code I would have expected in your functions.php file and that is already in my definitions so I am not sure why it was not found on your system. It would help me if you could email me that infected file directly so that I can check it and update my definitions if needed.
Just check the box Automatic Updates and then click Save and the Core Files definitions will be automatically installed.
Thanks for the file. This was a new variation of an old threat so I fixed the definition to match this variant and released a new definition update.
Please let me know if you find any more that I missed 
can you send me this hear.php file too?
That is because there are new definition updates available. Click the button to download the new definition updates and then you will see the green checkbox.
Thanks for those files, I have added both of these to my definition updates.
If the same infections are coming back then either your server is still infected (it may be another site on the sever) or there is a backdoor that is being overlooked. Check your servers raw access_log files to see what scripts are being accessed at the time of the infections (see the infection times in the Anti-Malware Quarantine.
The scan will stop and the results will be lost if you leave the page.
Also, it should not take that long but maybe it is scanning through other sites installed under the root site. I would suggest installing the plugin on each site and running the scan on each site in a different tab or browser window.
It may not show up under the account that you are logging into my site as because it was registered to a different email address so it is under a different account.
You can click on the green checkbox by the registration and update info in the upper-right of the Anti-Malware Settings page in your wp-admin and then re-register that site to the correct email address.
You should have the option to scan the root directory of the site which is up one level from the directory that WordPress in installed in. If you don’t see that option then please send me a screenshot so that I can help you further.
!. You are only finding Potential Threat (which are not fixed because they may not be malicious at all) because you have not downloaded the latest definition updates. Download the definition updates and the my plugin will find and fix any Known Threats.
2. If your site is blacklisted then you will need to manually request a review to get your site off the blacklist.
That icon is actually your Gravatar for the email address that you registered the on gotmls.net and because that email address does not match any WP User on your site it says “Unknown User”.
You are not the first person to be confused about this so I will be changing the way that is presented in the next release of my plugin.
Sorry for the confusion and please let me know if you have any other questions.
Ouch! Excuse me but I pride myself on the work I have put into this plugin, and you might see that it is working for thousands of other contented users. The fact that I offer this great work for free (or more accurately: for voluntary donations) does not mean that you should expect it to be junk.
Now, if you are having an issue with a repeated infection then perhaps you would like to ask for more help rather than just writing my plugin off as “straight up doesn’t work”. It sounds to me like it is working when you scan and clean the site, but then you are getting re-infected again and again. There could be other vulnerabilities on this site or other sites on the same server that are letting the hacks in after the cleaning. If you want to tell me which site your are having trouble with and maybe provide some details about the problem, or screenshots, or your wp-admin login (you can email me directly if you want), then I can provide more help.
Also, You should understand that there are many hosting providers that offer cheap shared hosting solutions that are fundamentally insecure and at some point it does not matter how many great security plugins you have (or how much you pay for them) because nothing can stop the spread of some malware on a typical shared hosting account once it’s made it onto the server. Sometimes the only solution is to move your hosting to a more secure host.
Anyway, if your interested in receiving any help on this please consider contacting me again with some details that I might be able to shed some light on for you.
This is a CSS issue caused by a change in the default dashicon sizes in the stylesheet that were updated in a recent release of WordPress. I will have my own CSS in place to override these default styles in my next plugin release.
This is normal, and you can click on the “Skipped Files” link to see the list of files that were skipped. You will notice that most of them are binary file types that do not execute PHP code and some others may be empty files. You can hover over each file on the list to see why it was skipped.
I hope this explanation helps, and please let me know if you have any more questions.
