I am using the plugin as well, being concerned about the malicious thing I browsed the trac logs https://plugins.trac.www.ads-software.com/log/follow-button-for-jetpack and it seems that the plugin never contained the file bao.php /wp-content/plugins/follow-button-for-jetpack/bao.php
@seanbanksbliss I think you should check, there might be some other vulnerability still present at your server which might be making this bao.php file with malicious code in it.
