Davood Dehnavi on "How to remove specific HTML inside cms/wysiwyg?"

Yep, I used the wordfence plugin and it just showed me the infected pages and told me to edit them, as I already have countless times but the spam comes back in a few days. One thing I've noticed though is that the spam always comes from my client's main account, because in the version history I find this:

Version of client's name
3 days ago (11 Jun @ 05:52)

and the content is full of spam.

I've told him to do a full virus and malware scan on his home computer which he says he have done, so I guess that's not it. My next thought was maybe that the admin.php file or something is corrupt or on my FTP. Which file in WordPress is handling the edit process for admins? Still I would think Wordfence and similar scans would've found anything suspicious if that were the case. I can't find any suspicios base64_decode or edoced_46esab in any of my files either.