Yes, I see that those links are redirecting to a drug sales website. Have you downloaded the latest definition updates for my plugin and ran another Complete Scan?
Can you send me the results of your last Complete Scan via email?
This is a different kind of threat, maybe it was there from the fist hack, can you fix it with my plugin and then check the infection dates in the Quarantine to see if they are the same as the last infection or if they are newer?
My plugin has always been capable of scanning the site’s root directory, so if you have other sites installed within that directory it may be able to scan them all. You can change the directory level where the scan starts on the Scan Settings page or add all those other site directories to the list of folders to exclude from the scan if you want to.
Yes, I would “network activate” the plugin so that it can be run from any of the site, however you should know that only a Network Admin can run the scans.
Because the files are shared by all the site on a multisite install this means that fixing one site will fix them all.
Thanks again for send me the whole code in this file. I fixed the definition for that threat so now the whole script will be removed, which should fix the problem of the site going down. Please download the new definition update and try it again to make sure it works for you.
Let me know if you have any more problems.
Thanks for posting that code for me. This is a new variation on an old threat. I have added the new variant to my definition updates so that it too can now be automatically fixed using my plugin.
Thanks for helping to keep this project on the cutting edge 
These URLs are currently returning 404 errors (which is good), this means that you have already removed the threat that was producing those pages. It looks like Google indexed those pages on the 12th and cached the spam content that was displayed at that time. Now you just have to wait for Google to re-index your site and clear out the cache for those pages. It may take some time but you can upload a current XML sitemap to Google Webmaster Tools and sometimes Request a Review to speed up the process of re-indexing those pages.
If you look carefully at the results you are seeing you shoulod note that the actual threat is now gone. there are no more infected URLs on your site and Sucuri is now confirming this. What they are still saying, and this is what you are focusing on, is that your site is still BLACKLISTED (not infected
You still need to request a review in your Google Webmaster Tools account to get your site off Google’s blacklist. Then Sucuri will show that it’s all good 
Oh, hold on, I just re-scanned that second site on sucuri’s sitecheck and it is clean too. It said that the results were 48 hour old so I guess you didn’t do the re-scan on that site.
You still need to request a review in your Google Webmaster Tools account to get that site off the blacklist.
Can you send me a login to that site so I can find that last threat and add it to my definition updates? You can reply to my email address directly with the login detail.
This is caused by a JavaScript error on your login page. Check the Error Console in your browser and you will see that my plugin’s dynamic JavaScript (/wp-admin/admin-ajax.php?action=GOTMLS_logintime&GOTMLS_sess=…) is being blocked by your server “Failed to load resource: the server responded with a status of 403 (Forbidden)”.
I see that you are using at least one other type of login protection, perhaps one of the other security plugins you have installed is blocking my script from loading on your login page.
I am still working on this feature. I would like to have a scan that can be scheduled ready for testing very soon. Thanks for your support and interest in my project
That is a JavaScript error on your login page. I’m not sure why the JavaScript isn’t running on that page (you should check your error_log file to see what the problem is). I also see that you have a lot of other modifications to the login page, including some other protection plugins, maybe one of those are interfering. Regardless, the first priority is to get you logged in and my plugin is stopping you so you need to disable my login protection for now. Renaming the gotmls folder in wp-content/plugins/ would do it, I know you said you did that but somehow you didn’t because my plugin couldn’t still be working if you did, maybe your active website is running from a different folder than you think it is and you renamed the wrong folder.
Alternatively, you could disable the login patch by commenting out the first line in the wp-config.php file, just add // right before the if on the fist line, after the
Thanks for posting that code! I just added that new variant to my definition updates so it can now be automatically fiexd using my plugin.
I don’t know anything about WP Site Guardian but it looks like some kind of firewall that has detected an external attack in real time. This does not mean that your site is infected again, only that someone may have been trying to hack you. If you want more info on this you should contact the WP Site Guardian developers.
