A few days ago Google and my hosting provider sent me a message that my site may contain malicious code. I found out that in each post there is a script that opens an iframe and loads a page on some domain in India but the page won't even load. My question is how do I remove this script from all the posts? I know it can be done with SQL commands but I'm too unfamiliar with them to do it. Also, will removing this script fix the issue? Or is there a bigger issue... since I don't have a clue how it got in there. I run the latest version, have no plugins, and only made a basic theme. I found the script in the wp_posts table in the post_content field. Here is the script, and thanks a lot for your help!!
Google says this is the suspected injected code: