I’m just reading around about this now, but from what I understand about this, I *think* you may be misunderstanding what the GoDaddy rep is telling you, and in all fairness, what they’re telling you is quite misleading.
First of all, for this pharma hack to be possible, the malware files need to be located somewhere in one of your plugins or your theme. Trust me when I tell you that there is absolutely no chance that I have delivered a theme to you that contains these files within it. That would just not be possible. I develop a theme on my local network, I’m on top of every every file in it, and I submit this all ZIP’d up to ThemeForest, which is what you purchase and download.
What GoDaddy is telling you is that the barely-corporate theme on your server contained these malware files. How did they get there? — That would be the question. The most logical assumption is that someone has compromised the GoDaddy servers (which happens often, especially with cheaper shared plans where hackers can target many customers at once) and injected files that way into your active theme. And most likely you’re not the only one of their customers that this has happened to, but of course, they’re not going to word it like this.
I have updated from 3.1.4 to 3.1.5 and the pharma seems to have disappeared. But I am concerned about a hack with 3.1.5. Do you know if 3.1.5 included any security features against pharma hack?
I honestly have never heard of this pharma hack until your topic here, so I can assure you I haven’t done anything to the theme in this regard 😉 — You updated the theme to the latest version, essentially starting over with a fresh copy on your GoDaddy hosting account, and now the malware files are gone.