looks like your website was hacked. All our themes are secure because we use only WordPress core functions and we know what we do. First thing is to deactivate all plugins, most of all hacked websites were vulnerable due to the use of (bad made) plugins. Next step is to change all your passwords (WordPress, Hosting account, FTP, E-Mail). Then delete all files your hosting company sent you (see your message) with FTP. Please be careful when you install new plugins, this is the most important thing!