My server has found malware in this VM file on all of my websites:
components/com_virtuemart/assets/js/jquery.min.js
Just for your info.
It's not malware but an old insecure version of the script. VM no longer ships the file but it is also not deleted on update. You can delete it if you don't have any old templates and extensions that might be using it.