@raulfj
The funny-behavior directory (or whatever the name is) is not malware. It is the result of the Block List Countermeasure feature of this plugin. If you visit the link above, you can find details of what it is.
The short version is Ad Blocking Detector creates a support plugin (called the Block List Countermeasure Plugin) which contains copies of crucial components. This support plugin is put in a randomly named directory (funny-behavior in your case). It is required because WordPress forces Ad Blocking Detector to be installed in a certain folder (adblocking-detector if I recall correctly). This forced location makes it trivial for ad blockers to block Ad Blocking Detector (and they have). When ad blockers do this, this plugin stops functioning. The random named copy of the important files is used to circumvent this.
This is another example of this plugin be specifically targeted, though the methodology is more benign and less objectionable than the malware method used by others.
If you wish to verify that the strange directory is this Block List Countermeasure, Ad Blocking Detector specifies the directory name of the Block List Countermeasure plugin on the Advanced Settings tab of the Ad Blocking Detector dashboard. If you want to generate a different name, there is a button on that tab (under the name) that will do so.
Screenshot of the Directory Name on One of My Sites: http://1drv.ms/1QAVv7Z