Hi,
Did you resolve this? This looks identical to my issue: I have Wordfence installed and it picked up nothing. I am currently running a check on
- image files as executable,
- public facing site vulnerabilities
- files outside the installation, and
- high sensitivity.
Further info - the rogue code will not be apparent by looking at your on website's code in the browser (via View Page Source), it can only be seen by something like a 'Fetch as Google' from the Google Webmasters Tools. The code seems to add in snippets. Here is a section of the load:
{...} <style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style>
<div id="5e7hni"><!--googleoff: snippet-->Players interested in playing lottery sort of games should visit <a href="http://robertocavalliblog.com/?p=best-online-casinos" title="best online casinos">best online casinos</a> to
[..]
<!--googleon: snippet-->`
The scan is going slowly for me also. Will let you know if anything is reported with these WF config settings.
C