Bluehost just suspended my account for this so-called malicious code:
These files appear to contain malicious code. You will want to review the files and remove the injected code from important files and/or remove unused or invalid files.
/mypath/public_html/mark/wp-includes/css/dashicons.min.css
/mypath/public_html/mark/wp-includes/css/dashicons.css
/mypath/public_html/mysite/modules/mod_AutsonSlideShow/elements/colorpicker.php
now what? they want me to remove everything