Additional Resources:
]]>But for malware to exist it doesn’t have to be visible on your website.
]]>You could also download a fresh copy of one of those themes and do a comparison between a flagged theme file in your installation and the fresh version (e.g. the functions.php file of the autofocus-lite theme). Notepad ++ or similar allows you to compare code if the file is lengthy. As an aside, are you using all those themes, or just one? It would reduce the possibility of future hacks if you deleted the themes that are not in use. (*Take a files and database backup first, before any deletion*)
]]>Based on the fact that that your web host detected malicious code in the functions.php file for numerous themes, it seems unlikely that this is a false positive as they shouldn’t all contain code that leads to a false positive. It is fairly common for hacks of WordPress websites to add code to that file in the themes installed on the website. Following barnez’s advice you should be able to take a look at one of those files and see if there has been some code added to it.
]]>I installed the plugin Wordfence Scan and ran a scan – it pointed to the possible problem code in the functions file.
It says The infection type is: Backdoor:PHP/get_all_links. – When I compare the functions file with a none-infected file, the text is indeed different.
Also, even all the inactive themes have problems with the functions.php. So I guess I’ll just delete the inactive ones and find a way to fix the ones in use.
Any suggestions?