Malwarebytes and SuperAntiSpyware.
@redleg-too anyway, maybe u have found the code, but where is it? I mean, I've replaced a lot of .js files, but I still have the problem. In what files are that code?
Replacing a lot isn't enough. It needs to be every JS file. That means a fresh copy of the WP-ADMIN and WP-INCLUDES (delete the entire folders unless you've customised) then in WP-CONTENT you need to reinstall plugins and clean any JS your theme is using.
Double check all folders 755 and files 644 permission etc etc as per links already given above