Malware errors Everest Pro

Using Catch Everest Pro on a number of sites. One in particular has started looking very strange. When our client views their website multiple windows start opening – they are using Explorer. On running a site check using Sucuri, it has thrown up 'Known javascript Malware' message. This is the website... http://www.kingsholidaycottages.co.uk/ The url Securi claims is infected is... /themes/catch-everest-pro/js/query.js The Malware is claimed to be mwjs-iframe-injecyed530?v16. Can you advise please?