I've had WP sites getting hacked in the past, but never like this before.
I had my client get in touch to say that they had a notice underneath their website name under Google search results stating "This website may be hacked".
So I logged into Google Webmaster Tools and somehow a file called 'hollister.php' had found its way into the wp-includes folder and was producing spam in Google search results.
I removed this file and upgraded WP and all plugins. I also did another scan using Wordfence to check that everything was in order.
I used Google's 'Fetch' tool to verify that the file had been removed.
However Google still thinks that several other files exist on the website, such as:
However in these instances, I cannot find the troublesome files anywhere. They don't show up in my FTP client (even when performing a search) or in cPanel's File Manager.
I'm at a loss as to how to prove to Google that these files don't reside on the client's server.
Does anyone know what I can do to remove them and stop Google from thinking that the website is hacked?
Could this be in any way related to my client's hosting account?