6 hours ago, Maxflor said:Hi, I found how to remove the fictitious payment module and also found antivirus 3 viruses on my server. The payment module adds to the js file - this is usually a file that contains capital letters and numbers - so you delete it. We're working to find out where it's coming from.
We have changed the complete admin login, also the names of the passwords to the database. If I find out anything, I write here.
...the module recommended above would help tell you where it's coming from. My 1.4 shop got hacked, I wanted a solution that would monitor shop files and tell me when a change occurs. I'm not here to sell modules or solicit work, incredible you would just disregard this option. ave mari
also you did not mention changing ftp, you will want to do that...
a cute trick, once you restore corrupted file make it read only....