My website redirects to Malware. Pc and browser clean

[Geor]

Hello everyone.
After some work with my website today,the website is very slow all day,most of the times it does not load or when it does it redirects on a spam website called that -> securesignupoffers.net .
This adware or whatever it is,its not installed anywhere on the pc,no process on the task manager,and i cant find any folder related to it,so it probably is on my website. I get this redirect ONLY on my website.
The website is this -> georld.com .
Any idea what's going wrong???

[pranabmistry]

May be yes

[Geor]

So what can i do now?

[pranabmistry]

Your site is not redirecting at all...... it;s geoworld...... I am able to open this.

[Geor]

Your site is not redirecting at all...... it;s geoworld...... I am able to open this.

So do you think its my computer then? As i mentioned in my OP i cannot find any program installed,and i did try malware remover.

[pranabmistry]

Did you try to open the site with a different browser?

[Geor]

Did you try to open the site with a different browser?

Yes. Internet explorer worked fine until like an hour ago when it did the exact same thing. It now seems to be working fine (this redirect does not have a system,it just happens some times).

[mandville]

http://sitecheck.sucuri.net/results/georld.com
does it do it on a different computer, have ou virus scanned our pc? installed something recently? malware?

[Geor]

http://sitecheck.sucuri.net/results/georld.com
does it do it on a different computer, have ou virus scanned our pc? installed something recently? malware?

So i am hacked. I found exactly my problem on a online site virus checker which is more acurate than sucuri and tells me exacly the problem i encounter (securesignup) .
Here is the screenshot. Now the real question is what am i doing now? Is this a person trying to steal from me or is it just a program?

[Geor]

Hi guys.
My website redirects into another page. My pc is absolutely clean (checked with antivirus and and malware bytes) and there is nothing on the browser or any background running process,which probably means that there is something in the website.
How to find it and remove it?

[leolam]

http://forum.joomla.org/viewtopic.php?f=714&t=757645

Leo

[Geor]

http://forum.joomla.org/viewtopic.php?f=714&t=757645

Leo

Thank you Leo. I do not understand what this forum post assistant details about me gives,but anyway i will post it and i will hope that everyone here is not a bad person .
I uploaded the generated text as a text doc because it had too many words and the forum wouldn't allow more than 20000 words. If its not the right way please let me know how else i can do it.

[Geor]

Maybe two separate posts?

Website redirects to a different website

-

Joomla! Instance :: Joomla! 3.4.1-Stable (Ember) 21-March-2015
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: 15169437 (uid: /gid: ) | Group: 15169437 (gid: ) | Valid For: 3.4
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-531.29.2.lve1.3.11.1.el6.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/vol4_8/byethost31.com/b31_15169437/htdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.4.38 | PHP API: apache2handler | Session Path Writable: Yes | Display Errors: | Error Reporting: 32759 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /php_sessions:/tmp:/var/www/errors:/usr/share/pear:/home/vol4_8/byethost31.com/b31_15169437/htdocs | Uploads: 1 | Max. Upload Size: 10M | Max. POST Size: 20M | Max. Input Time: 30 | Max. Execution Time: 20 | Memory Limit: 128M

MySQL Configuration :: Version: 5.6.22-71.0 (Client:mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 4.82 MiB | #of Tables:  263

PHP Extensions :: Core (5.4.38) | date (5.4.38) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7) | zlib (2.0) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | standard (5.4.38) | mysqlnd (mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | mysqli (0.1) | mysql (1.0) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | Phar (2.0.1) | Reflection ($Id: f6367cdb4e3f392af4a6d441a6641de87c2e50c4 $) | imap () | SimpleXML (0.1) | soap () | exif (1.4 $Id: 7f95ff43ea7cc9a2c41a912863ed70069c0e34c5 $) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | apache2handler () | phalcon (1.3.4) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.4.0) |
Potential Missing Extensions :: suhosin |
[quote]
Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe

[/quote]

[Geor]

Apache Modules :: core | prefork | http_core | mod_so | mod_extract_forwarded2 | mod_ruid2 | mod_auth_basic | mod_authn_file | mod_authz_host | mod_authz_user | mod_authz_groupfile | mod_include | mod_log_config | mod_env | mod_expires | mod_deflate | mod_headers | mod_setenvif | mod_mime | mod_status | mod_autoindex | mod_dir | mod_alias | mod_rewrite | mod_apreq2 | mod_hostinglimits | mod_perl | mod_php5 | mod_dbd | mod_vhs | Apache |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_ssl | mod_qos | mod_userdir |
[/size]

Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: administrator/backups/ (777) | administrator/cache/com_virtuemart_cats/ (777) | administrator/cache/com_virtuemart_revenue/ (777) | administrator/cache/com_virtuemart_rss/ (777) | administrator/cache/convertECB/ (777) | administrator/cache/j2storemodelshipping.item/ (777) | cache/com_virtuemart_cats/ (777) | cache/convertECB/ (777) | [/size]

Components :: SITE :: com_wrapper (3.0.0) | WF_LISTS_TITLE (2.4.2) | WF_LINK_TITLE (2.4.2) | WF_SPELLCHECKER_TITLE (2.4.2) | WF_FONTSELECT_TITLE (2.4.2) | WF_FULLSCREEN_TITLE (2.4.2) | WF_TEXTCASE_TITLE (2.4.2) | WF_INLINEPOPUPS_TITLE (2.4.2) | WF_SEARCHREPLACE_TITLE (2.4.2) | WF_CLIPBOARD_TITLE (2.4.2) | WF_PRINT_TITLE (2.4.2) | WF_CONTEXTMENU_TITLE (2.4.2) | WF_CHARMAP_TITLE (2.4.2) | WF_MEDIA_TITLE (2.4.2) | WF_STYLESELECT_TITLE (2.4.2) | WF_FORMATSELECT_TITLE (2.4.2) | WF_PREVIEW_TITLE (2.4.2) | WF_ANCHOR_TITLE (2.4.2) | WF_CLEANUP_TITLE (2.4.2) | WF_SOURCE_TITLE (2.4.2) | WF_FONTSIZESELECT_TITLE (2.4.2) | WF_BROWSER_TITLE (2.4.2) | WF_VISUALCHARS_TITLE (2.4.2) | WF_NONBREAKING_TITLE (2.4.2) | WF_ARTICLE_TITLE (2.4.2) | WF_FONTCOLOR_TITLE (2.4.2) | WF_TABLE_TITLE (2.4.2) | WF_DIRECTIONALITY_TITLE (2.4.2) | WF_KITCHENSINK_TITLE (2.4.2) | WF_IMGMANAGER_TITLE (2.4.2) | WF_XHTMLXTRAS_TITLE (2.4.2) | WF_VISUALBLOCKS_TITLE (2.4.2) | WF_LAYER_TITLE (2.4.2) | WF_AUTOSAVE_TITLE (2.4.2) | WF_STYLE_TITLE (2.4.2) | WF_LINK_SEARCH_TITLE (2.4.2) | WF_AGGREGATOR_VINE_TITLE (2.4.2) | WF_AGGREGATOR_VIMEO_TITLE (2.4.2) | WF_AGGREGATOR_[youtube]_TITLE (2.4.2) | WF_FILESYSTEM_JOOMLA_TITLE (2.4.2) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.4.2) | WF_LINKS_JOOMLALINKS_TITLE (2.4.2) | WF_POPUPS_JCEMEDIABOX_TITLE (2.4.2) | WF_POPUPS_WINDOW_TITLE (2.4.2) | com_mailto (3.0.0) |
Components :: ADMIN :: com_joomlaupdate (3.0.0) | com_plugins (3.0.0) | COM_CREATIVEIMAGESLIDER (2.0.0) | com_banners (3.0.0) | Unknown (-) | JCE (2.4.2) | com_cpanel (3.0.0) | com_tags (3.1.0) | com_contenthistory (3.2.0) | COM_K2 (2.6.8) | mod_k2_comments (-) | mod_k2_comments (-) | com_messages (3.0.0) | com_languages (3.0.0) | COM_EASYJOOMLABACKUP (3-4) | com_cache (3.0.0) | com_users (3.0.0) | com_postinstall (3.2.0) | com_templates (3.0.0) | com_checkin (3.0.0) | com_modules (3.0.0) | com_installer (3.0.0) | com_admin (3.0.0) | com_search (3.0.0) | com_ajax (3.2.0) | com_config (3.0.0) | com_weblinks (3.0.0) | com_redirect (3.0.0) | com_newsfeeds (3.0.0) | com_finder (3.0.0) | com_media (3.0.0) | HikaShop Product TAG insertion (2.3.5) | Hikashop Payza Payment Plugin (2.3.5) | Hikashop Currency Switcher Mod (2.3.5) | Hikashop - Mijoshop Fallback R (2.3.5) | System - Hikashop Social Plugi (2.3.5) | Hikashop no SSL outside checko (2.3.5) | Hikashop iPayDNA Payment Plugi (2.3.5) | Hikashop eSelect Payment Plugi (2.3.5) | Hikashop FirstData Payment Plu (2.3.5) | User - HikaShop (2.3.5) | Hikashop SOFORT Payment Plugin (2.3.5) | HikaShop Product TAG translati (2.3.5) | Hikashop CECA Payment Plugin (2.3.5) | Hikashop MasterCard Internet G (2.3.5) | Hikashop PayPlug payment plugi (2.3.5) | Hikashop - Kashflow invoice sy (2.3.5) | Hikashop WorldNetTPS Payment P (2.3.5) | Hikashop Paybox Plugin (2.3.5) | Hikashop UPS Shipping Plugin (2.3.5) | Hikashop Google Checkout Payme (2.3.5) | Hikashop eWAY Payment Plugin (2.3.5) | Hikashop Postfinance Payment P (2.3.5) | Hikashop Borgun payment plugin (2.3.5) | Hikashop HSBC Payment Plugin (2.3.5) | Hikashop Purchase Order Paymen (2.3.5) | Hikashop CANADA POST Shipping (2.3.5) | Hikashop Cart Module (2.3.5) | Hikashop User account Plugin (2.3.5) | Hikashop CyberMuth CIC Payment (2.3.5) | Hikashop googlewallet Payment (1.0) | Hikashop Manual Shipping Plugi (2.3.5) | Hikashop SIPS ATOS Payment Plu (2.3.5) | Hikashop Massaction Address Pl (2.3.5) | Search - Hikashop Products (2.3.5) | Hikashop OKPay Payment Plugin (2.3.5) | Hikashop Paypal Pro Payment Pl (2.3.5) | Ogone Payment Plugin (2.3.5) | HikaShop tax calculations over (2.3.5) | Hikashop Amazon Payment Plugin (2.3.5) | HikaShop Google Dynamic Remark (2.3.5) | Hikashop ePay Payment Plugin (2.3.5) | Hikashop Be2Bill Payment Plugi (2.3.5) | Hikashop Worldpay Global Gatew (2.3.5) | Hikashop FedEx Shipping Plugin (2.3.5) | Hikashop Product Tag (2.3.5) | Hikashop Payment Express Payme (2.3.5) | Hikashop TaxCloud Plugin (2.3.5) | Hikashop Module (2.3.5) | Hikashop Beanstream Payment Pl (2.3.5) | Hikashop Virtual Merchant (Ela (2.3.5) | Hikashop adyen Payment Plugin (1.0) | Hikashop payfast Payment Plugi (1.0) | Hikashop CANPAR Shipping Plugi (1.0.0) | Hikashop Alipay Payment Plugin (2.3.5) | Hikashop Servired Payment Plug (2.3.5) | Hikashop SagePay Payment Plugi (2.3.5) | Hikashop Paypal Payment Plugin (2.3.5) | Hikashop Innovative Gateway Pa (2.3.5) | HikaShop Shipping Manual - Pri (2.3.5) | Hikashop Stripe Payment Plugin (2.3.5) | Hikashop iVeri Payment Plugin (2.3.5) | Hikashop Registration Redirect (2.3.5) | Hikashop Australia Post eDeliv (2.3.5) | Hikashop PaymentExpress (PxPay (2.3.5) | Hikashop CardSave Payment Plug (2.3.5) | HikaShop: Date Picker Custom F (2.3.5) | Hikashop USPS Shipping Plugin (2.3.5) | Hikashop Paygate Payment Plugi (2.3.5) | Hikashop Validate free order P (2.3.5) | Hikashop Platron Payment Plugi (2.3.5) | Hikashop Authorize.net Payment (2.3.5) | HikaShop Netgiro payment plugi (2.3.5) | Hikashop PayJunction Payment P (2.3.5) | Hikashop Massaction Product Pl (2.3.5) | Hikashop History Plugin (2.3.5) | Hikashop Paypal Advanced payme (2.3.5) | Hikashop - VirtueMart Fallback (2.3.5) | Hikashop Bluepaid Payment Plug (2.3.5) | Hikashop Credit Card Payment P (2.3.5) | Hikashop Collect On Delivery P (2.3.5) | Hikashop Bank Transfer Payment (2.3.5) | Hikashop Massaction Category P (2.3.5) | Hikashop Common Joomla Payment (2.3.5) | Search - Hikashop Categories/M (2.3.5) | Hikashop WorldPay Business Gat (2.3.5) | Hikashop Moneybookers Payment (2.3.5) | Hikashop BitCoin Payment Plugi (1.0.0) | Hikashop Massaction Order Plug (2.3.5) | Hikashop Western Union Payment (2.3.5) | Hikashop Envoimoinscher Shippi (2.3.5) | Hikashop Paypal Express Checko (1.0.0) | System - HikaShop Mass Action (2.3.5) | Hikashop - Redshop Fallback Re (2.3.5) | Hikashop Check Payment Plugin (2.3.5) | Hikashop Nets NETAXEPT Payment (2.3.5) | Hikashop Massaction User Plugi (2.3.5) | HikaShop (2.3.5) | com_content (3.0.0) | com_menus (3.0.0) | com_login (3.0.0) | com_categories (3.0.0) |

Modules :: SITE :: mod_weblinks (3.0.0) | mod_articles_latest (3.0.0) | mod_breadcrumbs (3.0.0) | mod_menu (3.0.0) | Hikashop Currency Switcher Mod (2.3.5) | mod_tags_popular (3.1.0) | mod_languages (3.0.0) | K2 Comments (2.6.8) | Custom CSS (1.8) | Simple Email Form (1.8.5) | SP Accordion module (2.8.0) | mod_stats (3.0.0) | K2 User (2.6.8) | mod_whosonline (3.0.0) | Hikashop Cart Module (2.3.5) | mod_articles_category (3.0.0) | mod_users_latest (3.0.0) | mod_articles_news (3.0.0) | mod_tags_similar (3.1.0) | Hikashop Module (2.3.5) | mod_footer (3.0.0) | K2 Content (2.6.8) | mod_login (3.0.0) | mod_search (3.0.0) | mod_articles_popular (3.0.0) | mod_random_image (3.0.0) | mod_custom (3.0.0) | K2 Users (2.6.8) | mod_banners (3.0.0) | Creative Image Slider (2.0.0) | mod_articles_archive (3.0.0) | mod_articles_categories (3.0.0) | mod_related_items (3.0.0) | mod_finder (3.0.0) | mod_feed (3.0.0) | FavSocial (1.4) | mod_syndicate (3.0.0) | K2 Tools (2.6.8) | mod_wrapper (3.0.0) |
Modules :: ADMIN :: mod_menu (3.0.0) | mod_stats_admin (3.0.0) | mod_status (3.0.0) | mod_logged (3.0.0) | mod_popular (3.0.0) | mod_submenu (3.0.0) | K2 Stats (admin) (2.6.8) | mod_multilangstatus (3.0.0) | mod_login (3.0.0) | mod_toolbar (3.0.0) | mod_custom (3.0.0) | mod_title (3.0.0) | mod_latest (3.0.0) | mod_version (3.0.0) | K2 Quick Icons (admin) (2.6.8) | mod_quickicon (3.0.0) | mod_feed (3.0.0) |

Plugins :: SITE :: plg_editors-xtd_readmore (3.0.0) | plg_editors-xtd_pagebreak (3.0.0) | plg_editors-xtd_image (3.0.0) | HikaShop Product TAG insertion (2.3.5) | plg_editors-xtd_article (3.0.0) | Search - Hikashop Products (2.3.5) | plg_search_tags (3.0.0) | plg_search_content (3.0.0) | Search - K2 (2.6.8) | plg_search_categories (3.0.0) | plg_search_weblinks (3.0.0) | plg_search_contacts (3.0.0) | Search - Hikashop Categories/M (2.3.5) | plg_search_newsfeeds (3.0.0) | plg_user_profile (3.0.0) | User - K2 (2.6.8) | jNews User Synchronization (2.1) | plg_user_contactcreator (3.0.0) | plg_user_joomla (3.0.0) | plg_authentication_gmail (3.0.0) | plg_authentication_cookie (3.0.0) | plg_authentication_ldap (3.0.0) | plg_authentication_joomla (3.0.0) | plg_twofactorauth_yubikey (3.2.0) | plg_twofactorauth_totp (3.2.0) | plg_captcha_recaptcha (3.4.0) | HikaShop: Date Picker Custom F (2.3.5) | Hikashop - Kashflow invoice sy (2.3.5) | Hikashop Massaction Product Pl (2.3.5) | Hikashop History Plugin (2.3.5) | Hikashop Massaction Category P (2.3.5) | Hikashop Massaction User Plugi (2.3.5) | HikaShop Shipping Manual - Pri (2.3.5) | Hikashop User account Plugin (2.3.5) | Hikashop Massaction Order Plug (2.3.5) | Hikashop TaxCloud Plugin (2.3.5) | Hikashop Validate free order P (2.3.5) | Hikashop Massaction Address Pl (2.3.5) | plg_editors_tinymce (4.1.7) | plg_editors_jce (2.4.2) | plg_editors_codemirror (5.0) | plg_content_pagebreak (3.0.0) | plg_content_pagenavigation (3.0.0) | plg_content_emailcloak (3.0.0) | plg_content_finder (3.0.0) | plg_content_loadmodule (3.0.0) | plg_content_joomla (3.0.0) | plg_content_vote (3.0.0) | Josetta - K2 Categories (2.6.8) | Josetta - K2 Items (2.6.8) | jNews Content Bot (2.6) | jNews Share Bot (2.1) | jNews Tag: Date and Time (2.1) | jNews K2 Bot (2.1) | jNews Tag: Subscriber (2.1) | jNews Forward to Friend (2.1) | jNews Tag: Site Links (2.1) | jNews Tag: Subscriptions (2.1) | plg_extension_joomla (3.0.0) | Hikashop Paypal Advanced payme (2.3.5) | Hikashop Alipay Payment Plugin (2.3.5) | Hikashop payfast Payment Plugi (1.0) | Hikashop Worldpay Global Gatew (2.3.5) | Hikashop Google Checkout Payme (2.3.5) | Hikashop Credit Card Payment P (2.3.5) | Hikashop Beanstream Payment Pl (2.3.5) | Hikashop googlewallet Payment (1.0) | Hikashop eSelect Payment Plugi (2.3.5) | Hikashop adyen Payment Plugin (1.0) | Hikashop PayJunction Payment P (2.3.5) | Hikashop Paypal Pro Payment Pl (2.3.5) | Hikashop Paypal Payment Plugin (2.3.5) | Hikashop SOFORT Payment Plugin (2.3.5) | Hikashop PayPlug payment plugi (2.3.5) | Hikashop Paybox Plugin (2.3.5) | Hikashop Bank Transfer Payment (2.3.5) | Hikashop eWAY Payment Plugin (2.3.5) | Hikashop iVeri Payment Plugin (2.3.5) | Hikashop SIPS ATOS Payment Plu (2.3.5) | Hikashop Moneybookers Payment (2.3.5) | Hikashop HSBC Payment Plugin (2.3.5) | Hikashop ePay Payment Plugin (2.3.5) | Hikashop Authorize.net Payment (2.3.5) | Hikashop Paygate Payment Plugi (2.3.5) | Hikashop iPayDNA Payment Plugi (2.3.5) | Hikashop FirstData Payment Plu (2.3.5) | Hikashop Servired Payment Plug (2.3.5) | Hikashop CECA Payment Plugin (2.3.5) | Hikashop Western Union Payment (2.3.5) | Hikashop BitCoin Payment Plugi (1.0.0) | Hikashop Nets NETAXEPT Payment (2.3.5) | Hikashop Payment Express Payme (2.3.5) | Hikashop CardSave Payment Plug (2.3.5) | Hikashop Payza Payment Plugin (2.3.5) | Hikashop Stripe Payment Plugin (2.3.5) | Hikashop Purchase Order Paymen (2.3.5) | Hikashop Collect On Delivery P (2.3.5) | HikaShop Netgiro payment plugi (2.3.5) | Hikashop Borgun payment plugin (2.3.5) | Hikashop Platron Payment Plugi (2.3.5) | Hikashop Common Joomla Payment (2.3.5) | Hikashop Be2Bill Payment Plugi (2.3.5) | Hikashop PaymentExpress (PxPay (2.3.5) | Hikashop WorldNetTPS Payment P (2.3.5) | Hikashop Bluepaid Payment Plug (2.3.5) | Ogone Payment Plugin (2.3.5) | Hikashop CyberMuth CIC Payment (2.3.5) | Hikashop MasterCard Internet G (2.3.5) | Hikashop Virtual Merchant (Ela (2.3.5) | Hikashop Postfinance Payment P (2.3.5) | Hikashop Amazon Payment Plugin (2.3.5) | Hikashop Innovative Gateway Pa (2.3.5) | Hikashop Check Payment Plugin (2.3.5) | Hikashop Paypal Express Checko (1.0.0) | Hikashop OKPay Payment Plugin (2.3.5) | Hikashop SagePay Payment Plugi (2.3.5) | Hikashop WorldPay Business Gat (2.3.5) | plg_finder_tags (3.0.0) | plg_finder_content (3.0.0) | plg_finder_k2 (2.6.8) | plg_finder_categories (3.0.0) | plg_finder_weblinks (3.0.0) | plg_finder_contacts (3.0.0) | plg_finder_newsfeeds (3.0.0) | plg_system_p3p (3.0.0) | plg_system_debug (3.0.0) | HikaShop tax calculations over (2.3.5) | HikaShop Google Dynamic Remark (2.3.5) | plg_system_languagecode (3.0.0) | System - HikaShop Mass Action (2.3.5) | User - HikaShop (2.3.5) | System - K2 (2.6.8) | plg_system_sef (3.0.0) | plg_system_redirect (3.0.0) | plg_system_highlight (3.0.0) | Hikashop - Redshop Fallback Re (2.3.5) | Hikashop no SSL outside checko (2.3.5) | System - Hikashop Social Plugi (2.3.5) | Hikashop Product Tag (2.3.5) | Hikashop - Mijoshop Fallback R (2.3.5) | Hikashop - VirtueMart Fallback (2.3.5) | plg_system_languagefilter (3.0.0) | plg_system_log (3.0.0) | plg_system_remember (3.0.0) | Hikashop Registration Redirect (2.3.5) | HikaShop Product TAG translati (2.3.5) | plg_system_logout (3.0.0) | PLG_EASYJOOMLABACKUPCRONJOB (3-4) | plg_system_cache (3.0.0) | Creative Image Slider (2.0.0) | plg_quickicon_extensionupdate (3.0.0) | plg_quickicon_jcefilebrowser (2.4.2) | plg_quickicon_joomlaupdate (3.0.0) | plg_installer_webinstaller (1.0.5) | Hikashop Envoimoinscher Shippi (2.3.5) | Hikashop CANPAR Shipping Plugi (1.0.0) | Hikashop FedEx Shipping Plugin (2.3.5) | Hikashop Manual Shipping Plugi (2.3.5) | Hikashop USPS Shipping Plugin (2.3.5) | Hikashop Australia Post eDeliv (2.3.5) | Hikashop UPS Shipping Plugin (2.3.5) | Hikashop CANADA POST Shipping (2.3.5) |

Templates :: SITE :: beez3 (3.1.0) | FavouriteDark (1.2) | protostar (1.0) |
Templates :: ADMIN :: hathor (3.0.0) | isis (1.0) |

[mandville]

could the virus checkers you are using not notice that the malware is actually a program, a BHO?
what do your htaccess looks like? is there a redirect in them?
you have serious permission issues with the 777.' it is best to follow checklist 7 - safe route to recovery

[Geor]

I have no idea what a BHO is,could you explain me please? . Malwarebytes did uninstall 2 programs but the problem is still there.
I attached a screenshot of what the htaccess looks like. I am not sure if i got it right? What i found is not a folder but just a item that does not contain anything inside it.
What is a permission issue 777? Where is checklist 7 ?
As i mentioned (and as you probably can see ) i am an amateur.

[leolam]

http://en.wikipedia.org/wiki/Browser_Helper_Object is where Mandville refers at. ( BHOs are installed on your computer(!) by an outside software program)

Mandville asked you to post the content of the htaccess file here and not the file-structure.

Regarding permissions. Folders should always be '755' and files always '644'. Having folders and files on '777' is similar of going shopping while leaving your doors wide open and being amaze that when you return your home is empty.....https://docs.joomla.org/How_do_UNIX_fil ... ns_work%3F

Also fully outdated and not up-to-date extensions. To mention a few JCE/K2/Hikashop
So simply stated if you maintain your site insufficiently and you do not keep all upgraded you ask for problems

https://docs.joomla.org/Security_Checklist

Leo

[Geor]

http://en.wikipedia.org/wiki/Browser_Helper_Object is where Mandville refers at. ( BHOs are installed on your computer(!) by an outside software program)

Mandville asked you to post the content of the htaccess file here and not the file-structure.

Regarding permissions. Folders should always be '755' and files always '644'. Having folders and files on '777' is similar of going shopping while leaving your doors wide open and being amaze that when you return your home is empty.....https://docs.joomla.org/How_do_UNIX_fil ... ns_work%3F

Also fully outdated and not up-to-date extensions. To mention a few JCE/K2/Hikashop
So simply stated if you maintain your site insufficiently and you do not keep all upgraded you ask for problems

https://docs.joomla.org/Security_Checklist

Leo

Hi Leo.
-Ok it all now makes sense. My antivirus has removed 3 BHOs that i had for quite a long time,without any problems on the pc or the website.
-I have attached the htaccess file so you be the Judges
-I have this idea that i think will help locating the infected file. If i won't change the file permissions to the correct values,i will be able to locate maybe where the infected file might be (according to what i understand it should be in a file with 777 permission) Or you think this is not the case and i should change it immediately?
-My Joomla control panel tells me that all my extentions are up to date .

[mandville]

not all extensions will use the updater tool, go to extension manager and purcge the cache then find updates.
i briefly looked at the main three
K2 Version: 2.6.9
HikaShop Version: 2.4.0
JCE Version: 2.4.6

[Geor]

not all extensions will use the updater tool, go to extension manager and purcge the cache then find updates.
i briefly looked at the main three
K2 Version: 2.6.9
HikaShop Version: 2.4.0
JCE Version: 2.4.6

Ok. I have deleted 2 of them (because i dont use them) ,and i have updated the other one!

What should i do next?

[Geor]

not all extensions will use the updater tool, go to extension manager and purcge the cache then find updates.
i briefly looked at the main three
K2 Version: 2.6.9
HikaShop Version: 2.4.0
JCE Version: 2.4.6

Do you think that if i delete the website,and then restore a backup i have from a month ago would be the safest-easiest thing to do ?