• Hello,

    I suspect there is an infection running amok on a website of a customer: the site is sending a crazy amount of e-mails from the wp-admin folder, over 500/h, and was thus shut down by the hosting company.

    On looking at files I was not able to see anything suspicious myself, so I tried to scan.

    Since Monday I have been scanning & scanning, but the scanner keeps stopping at a randomly set limit of 6000-7000 files, on the:

    [Oct 20 11:29:13]Scanning for known malware files
    [Oct 20 11:29:13]Scanning for unknown files in wp-admin and wp-includes

    stages.

    I have turned off plugin and theme scanning, hoping to scan them separately, but to no avail.

    Scans end up just going on and on, kind of like this:

    [Oct 20 11:29:07] Contacting Wordfence to initiate scan
    [Oct 20 11:29:08] Including files that are outside the WordPress installation in the scan.
    [Oct 20 11:29:08] Getting plugin list from WordPress
    [Oct 20 11:29:08] Found 20 plugins
    [Oct 20 11:29:08] Getting theme list from WordPress
    [Oct 20 11:29:08] Found 4 themes
    [Oct 20 11:29:13] Scanning comment with Author: dina postolachi Email: [email protected] Source IP: 109.166.133.175
    [Oct 20 11:29:13] Checking 1 host keys against Wordfence scanning servers.
    [Oct 20 11:29:14] Analyzed 100 files containing 1.67 MB of data so far
    [Oct 20 11:29:14] Analyzed 200 files containing 2.93 MB of data so far
    [Oct 20 11:29:14] Done host key check.
    [Oct 20 11:29:14] Scanned comment with Author: dina postolachi Email: [email protected] Source IP: 109.166.133.175
    [Oct 20 11:29:15] Analyzed 300 files containing 3.92 MB of data so far
    [Oct 20 11:29:15] Analyzed 400 files containing 5.86 MB of data so far
    [Oct 20 11:29:16] Analyzed 500 files containing 6.61 MB of data so far
    ...
    [Oct 20 11:29:23] Analyzed 1900 files containing 40.52 MB of data so far
    [Oct 20 11:29:24] Analyzed 2000 files containing 41.95 MB of data so far
    ...
    [Oct 20 11:32:19] Scanning comment with Author Printesa Urbana Email: [edited] Source IP: [edited]
    [Oct 20 11:32:19] Checking 1 host keys against Wordfence scanning servers.
    [Oct 20 11:32:20] Done host key check.
    [Oct 20 11:32:20] Scanning comment with Author Printesa Urbana Email: [edited] Source IP: [edited]
    [Oct 20 11:23:24] Scanned comment with Author: iheqibaa Email: [edited] Source IP: [edited]
    [Oct 20 12:28:21] Scanning comment with Author: xyz [edited] Source IP: [edited]
    [Oct 20 12:28:21] Checking 1 host keys against Wordfence scanning servers.
    [Oct 20 12:28:22] Done host key check.
    [Oct 20 12:28:22] Scanned comment with Author: xyz [edited] Source IP: [edited]
    [Oct 20 12:38:34] Scanning comment with Author: pvhjunqabk [edited] Source IP: [edited]
    [Oct 20 12:38:34] Checking 6 host keys against Wordfence scanning servers.
    [Oct 20 12:38:35] Done host key check.
    [Oct 20 12:38:35] Scanned comment with Author: pvhjunqabk [edited] Source IP: [edited]
    [Oct 20 12:42:13] Scanning comment with Author: aseyelela [edited] Source IP: [edited]
    [Oct 20 12:42:13] Checking 4 host keys against Wordfence scanning servers.
    [Oct 20 12:42:14] Done host key check.
    [Oct 20 12:42:14] Scanned comment with Author: aseyelela [edited] Source IP: [edited]
    [Oct 20 12:44:04] Scanning comment with Author: boqvasebic [edited] Source IP: [edited]
    [Oct 20 12:44:04] Checking 4 host keys against Wordfence scanning servers.
    [Oct 20 12:44:05] Done host key check.

    And so on.
    Since Monday I have not had one completed scan.

    What can I do?

    Thank you,
    Alexandra

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi Alexandra,
    You could try checking the server's error logs to see if you can find any indications there of what is going wrong. It could be a memory issue for example. Feel free to share parts of the log here if you are not sure how to interpret them. Please use a pastebin if the log is long.

    Thread Starter Alexandra Giula

    (@alaxandra)

    Hi,

    I have a 3.5GB file from decompressing the error log, not sure I will be able to open it up.
    I will try, and come back with an answer to your inquiry.

    Alexandra

    Sounds like it may contain some interesting stuff then. If it seems unmanageable you could always back up that file and then make sure the one on the server is emptied and pick up a fresh copy after you have tried to run a scan.
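
For an error log too large to open in an editor, like the 3.5GB file mentioned above, a single streaming pass that groups repeated messages and counts memory or time-limit failures shows what dominates the file without loading it into memory. This is an added example, not part of the original thread and not Wordfence code; it assumes PHP-style error log lines, and the sample lines, paths and function names are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Messages worth surfacing first when a scan dies mid-run (PHP-style wording assumed).
FLAGS = {
    "memory_exhausted": re.compile(r"Allowed memory size of \d+ bytes exhausted"),
    "time_limit": re.compile(r"Maximum execution time of \d+ seconds? exceeded"),
    "fatal": re.compile(r"PHP Fatal error"),
}
TIMESTAMP = re.compile(r"^\[[^\]]*\]\s*")  # leading [date time] prefix
NUMBER = re.compile(r"\d+")                # byte counts, line numbers, PIDs

def normalize(line):
    """Collapse variable parts so repeated messages group under one key."""
    return NUMBER.sub("N", TIMESTAMP.sub("", line.strip()))

def summarize(lines):
    """Read the lines once; return (message counts, flag counts)."""
    messages, flags = Counter(), Counter()
    for line in lines:
        if not line.strip():
            continue
        messages[normalize(line)] += 1
        for name, pattern in FLAGS.items():
            if pattern.search(line):
                flags[name] += 1
    return messages, flags

# Constructed sample lines, used when no log path is given on the command line.
P = "/var/www/html/wp-admin/example.php"  # hypothetical path
SAMPLE = [
    f"[20-Oct-2020 11:29:24 UTC] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 72 bytes) in {P} on line 120",
    f"[20-Oct-2020 11:32:19 UTC] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 4096 bytes) in {P} on line 120",
    f"[20-Oct-2020 11:40:02 UTC] PHP Warning:  constructed sample warning in {P} on line 7",
    f"[20-Oct-2020 12:28:21 UTC] PHP Fatal error:  Maximum execution time of 30 seconds exceeded in {P} on line 88",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # errors="replace" keeps the pass going over bytes that are not valid UTF-8
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            messages, flags = summarize(fh)
    else:
        messages, flags = summarize(SAMPLE)
    print(dict(flags))
    for text, count in messages.most_common(10):
        print(count, text[:160])
```

Pass the log path as the first argument; the ten most frequent message shapes and the flag counts are short enough to paste into a support thread.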

  • The topic ‘Scan stops scanning files and keeps checking host keys and comments’ is closed to new replies.