Hey Brian,
Thanks for the response. Yes I was just about to start that process when I had an idea.
Hope this helps anyone else who has a similar issue with a malicious website popup in their Wordpress site.
1) Inspected the page source code. Not as hard as I thought, even for a beginner to scan the scripts and stuff, looking for anything odd. I immediately saw some stuff like 'clk' and other domain addresses which shouldn't be there.
2) Copied the malicious addresses into Google, ran a search and immediately found them listed as spam. Here's the link I was taken to:
https://blog.sucuri.net/2015/06/sweetcaptcha-service-used-to-distribute-adware.html
3) So for me the problem was the SweetCaptcha plugin I was using. It was using an iframe to link my users to spam sites. If you're using SweetCaptcha, it might look sweet but it definitely isn't - get rid!!
Hope it helps.
Cheers