The site ahead contains malware

Hi,

Do not panic!

please run a malware scan at: https://quttera.com/

and post here the report link, then i will help you locate and remove the malware.

Normalized URL: https://lehighvalleywomansjournal.com:80
Submission date: Wed Sep 16 17:40:37 2015
Server IP address: 192.232.251.218
Country: United States
Server: nginx/1.8.0
Malicious files: 0
Suspicious files: 0
Potentially Suspicious files: 0
Clean files: 64
External links detected: 100
Iframes scanned: 11
Blacklisted: Yes

Safe Browsing
Diagnostic page for lehighvalleywomansjournal.com

What is the current listing status for lehighvalleywomansjournal.com?
Site is listed as suspicious – visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 67 pages we tested on the site over the past 90 days, 22 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2015-09-14, and the last time suspicious content was found on this site was on 2015-09-14.
This site was hosted on 1 network(s) including AS46606 (UNIFIEDLAYER-AS-1).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, lehighvalleywomansjournal.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google’s Webmaster Help Center.

I did just remove BBPress because people just post spam comments in the forum. SO could that be why it say no malicious content found? The rest of this report confuses me and I still cannot get to my site without the malware warning

11 iFrames? Seems like a lot. What’s in those? If they’re from external websites, do you trust them? Malicious content might have appeared in them without actually being on your own website as such.

Hi Jason,
All the iFrames are from youtube and amazon

Hi,

I am check another scan here: https://sitecheck.sucuri.net/results/lehighvalleywomansjournal.com

I managed to locate your malware:

Please access your admin panel > go to Theme editor > footer.php

find this tag: <!–visitorTracker–>

and remove a script that look like this: https://labs.sucuri.net/db/malware/malware-entry-mwjsgen2?web.js.visitor_tracker.001

Click update. Let me know you have done that so I scan your site again.

Or you can paste here the entire code of footer so I tell you what to delete.

I am having trouble finding the code!

Alright! I think I found it:

Remove this code:

[ Malware code deleted ]

Ok have deleted visitor tracking from all of those

Gj! I see more:

in

https://lehighvalleywomansjournal.com/wp-content/themes/genesis/lib/js/menu/superfish.compat.min.js

https://lehighvalleywomansjournal.com/wp-content/themes/genesis/lib/js/menu/superfish.args.min.js

Also check header.php and index.php for any malware script that look like these samples:

https://labs.sucuri.net/db/malware/malware-entry-mwjsgen2?web.js.visitor_tracker.001

Look for this code in the entire theme files especially header.php, footer.php, index.php:

Removed those two as well. It won’t let me look at that site. “This webpage is not available ERR_CONNECTION_RESET”

check my last pm, that’s the code you need to find a delete