WP site compromised

[Mark M]

I received an email from Google to say that my site contained malicious code, loaded up the site and when you click on a link it opens up a new page that takes you to some advertising junk.

Whats the best approach to get to the bottom of this? I have very few addons enabled but presume one of them or the core WP has been exploited somehow? WP is automatically upgraded but Im a little lapse with updating the addons in all honesty.

Any pointers or advice greatly appreciated thanks.

Edit - not sure if linked to the recent Vidahost thread about a potential compromise but this site is hosted with Vidahost.

 

[Mark M]

Thought I had sorted the issue but just want to check if this is another (or linked) issue...

When I go to www.site1.co.uk/wp-login I get redirected to http://site1.co.uk/wp-login.php?redirect_to=http://site1.co.uk/wp-admin/&reauth=1

Ive removed the actual domain and replaced with site1 but unsure what the redirect is? It looks like its still my site but what is the bit with the %'s etc?

Havent tried actually logging in yest just in case its not safe.

Edit - thought it might be a cookie issue so tried it in incognito mode and it does the same.