Site now cleansed from SEO Spam malware, but still vulnerable or reinfested!

Viruses and worms
1

Avast rightly detected this site as it was malware infested (VBS:Agent-KZ [Trj] flagged).
Code that should be retired there: http://ruche-haiti.org
Detected libraries:
jquery - 1.11.1 : -http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=4708
jquery.prettyPhoto - 3.1.4 : -http://ruche-haiti.org/wp-content/themes/rttheme16/js/jquery.prettyPhoto.js?ver=4708
Info: Severity: high
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6837&cid=3
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
1 vulnerable library detected

WordPress Version
3.5
Version does not appear to be latest 4.3.1 - update now.

WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

w3-total-cache 0.9.2.4 latest release (0.9.4.1) Update required
http://www.w3-edge.com/wordpress-plugins/w3-total-cache/
wordpress-seo 1.1.9 latest release (2.3.5) Update required
https://yoast.com/wordpress/plugins/seo/
contact-form-7 3.2 latest release (4.3) Update required
http://contactform7.com/
sitepress-multilingual-cms 2.0.4.1

Warning User Enumeration is possible (XucheXXXXXXXXXXX)

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

So compromittal could re-occur any timeā€¦

VT still gives as malicious: https://www.virustotal.com/nl/url/393c8d0be9ea5345871cf18b31567fff1cbbdb7883739019883fdec21067a565/analysis/

Given as infested: https://sitecheck.sucuri.net/results/ruche-haiti.org

2 suspicious files: /wp-content/plugins/contact-form-7/includes/js/jquery.form.js?ver=3.09
Severity: Suspicious
Reason: Detected encoded JavaScript code commonly used to hide suspicious behaviour.
Details: Generic suspicious HEX encoder
Offset: 15312
Threat dump: View code

[[\x69\x66\x72\x61\x6D\x65]]

Threat dump MD5: 9BD70F2DD5BA1BC6D18F823401C0E2C9
File size[byte]: 16457
File type: ASCII
Page/File MD5: 4300619EA5E2C479A22B8B353895B768
Scan duration[sec]: 0.035000

/wp-content/plugins/sitepress-multilingual-cms/res/js/sitepress.js
Severity: Suspicious
Reason: Detected encoded JavaScript code commonly used to hide suspicious behaviour.
Details: Generic suspicious HEX encoder
Offset: 1002
Threat dump: View code

[[\x69\x66\x72\x61\x6D\x65]]

Threat dump MD5: 9BD70F2DD5BA1BC6D18F823401C0E2C9
File size[byte]: 2028
File type: ASCII
Page/File MD5: FD66CA4054F750C1586EC85DB5544068
Scan duration[sec]: 0.005000

polonus