Our http://www.gojapango.com site was hacked a few weeks ago and some Doubleclick ads were installed onto the site. I thought all I would need to do is find the references to DoubleClick in the site and remove them. I then found the DoubleClick code is part of the core plugin.
wp-content/plugins/geodirectory/geodirectory-admin/google-api-php-client/src/Google/Service/Doubleclicksearch.php
wp-content/plugins/geodirectory/geodirectory-admin/google-api-php-client/src/Google/Service/DoubleClickBidManager.php
What are the best options for removing these two large floating DoubleClick ads?
Can I just remove the DoubleClick related files?
Of course the rogue ads could be coming from some other hidden script.
It appears the site was hacked via an old phpBB forum that was left in place, but not updated.