We are on the latest version of this plugin, updated all plugins to the latest versions, and wordpress is up to date. i did the following items over the last couple of days. I flipped my website into maintenance mode. I downloaded the entire website and backed up my database.
I reset all of my passwords like FTP, Database password, and all admin accounts have had there passwords reset. I even scanned my computer for viruses.
I found several files that had deceptive code in them. I've removed that code and uploaded the files back to the server. I think my site is clean (but it wasnt).
After all that then i find this great plugin! It helped me find a few other files that had deceptive code in them. I've removed those files or updated them to remove the deceptive code.
I deleted extra plugins that werent activated on our site.
I've run the Wordfence security scan about 10 times. I've used it to compare the wordpress core files to what i have on my site and its saying we don't have any security issues. Everything looks good.
So, I go to Google Webmaster Tools and i use the Fetch as Google feature for one of the urls i found that had some problems. I found this in google search results. The result from Fetch as Google for the url i scan with it is still showing pharmacy ads at the top of the page.
Does this mean my website is still not fixed? Or am i seeing the Pharmacy ads because that is what Google has cached? This part I'm a little confused on.