One of my clients websites was infected with malware links after I installed the WPML plugins so I don't really know how to say this but it's very sad that a big and wellknown plugin can cause this type of destruction on a site.
I had to spend 75 dollar to hire a security company for them to scan and clean all malware code. The security company explained that the vulnerability came from theese 4 plugins from WPML:
Keep in mind that I just installed WPML and started using it a couple of days ago so yes everything was updated. Can you please doublecheck your plugins because there can be a lot of clients of yours that are infected with malware virus on their websites.