I found the malware hiding in the header.php file in the Theme/Basic/ directory. Not sure why it wasn’t found when I downloaded the file to my desktop and ran my malware software, and not by GOTMLS, but was found when I ran online scanner: SURCURI.NET, but it only reported the directory /about/ which in wordpress didn’t exist.
Putting the malware in the header.php makes almost every page seem like it is infected when it displays.
I will keep and use this software. I donated.
I have the same problem. Site is already blocked by Google. I updated WordPress. Did a quick scan and complete scan. Yet I can still see the malware when I go to:
anastassov.net/about and do a Source view. There are other pages, but I cannot figure out how to get to the malware that appears here.
Need Helpl.