One infected file is enough to infect ALL sites on same shared hosting account. Generally we need to:
- Find the cause and kill it
- Clean all other web-sites on same account from suspicious and infected items
Steps to take:
1. Reinstall WordPress completely leaving only wp-content folder and wp-config.php files
Open wp-config,php file to check there is no malicious code intruded.
Open .htaccess file to check there is no malicious code intruded. If .htaccess file does not exist after fresh WP installation – copy it from other place.
2. Compress (Zip) wp-content folder and download to your computer
3. UnZipp (extract) on your computer and run antivirus on that folder
4. This banner is only shown in Google Chrome and Opera. while FF and Edge do not show it.
I used Firebug in Chrome and found div element for that banner as well as banner image URL
5. Opened Dreamweaver and performed a search for that element and image URL/name
6. Search phpMyAdmin database for element name, file name – anything that is included into Firebug code you’ve found.
7. WordPress theme – that’s where problem was.
8. Final word – always update plugins and themes. Do NOT keep file of older default WP themes like twentyfifteen, sixteen etc… – delete them.
Use most rated Anti-Virus software cause not all softwares have same perfect detection ratio.
