Hi friends.
old client site at prestashop 1.6.1.7 with custom - was attacked.
paypal module - not installed, paypal payment way on site - not integrated.
but at payment form https://xxxxxxxxxx.ua/quick-order
we see fake paypal form (screen)
(really at this site have other standart pay modules - bank, cheque, and COD, but - They not visible!)
in sources page see bad codes(code listing),
we scan and find this with other variants and variables - nothing.
cleaning.zip - see more suspiciously files, but they not have bad codes (custom modules and theme)
has anyone encountered this ?
way to resolve this ?
----
how add example ?
script src="/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js" data-cf-settings="5d9bdb33b8cdd84910e78b76-|49">/script
body onload="WindowPaymentPaypal();
script type="5d9bdb33b8cdd84910e78b76-text/javascript" $(document).ready(function(){WindowPaymentPaypal();});/script>
script type="5d9bdb33b8cdd84910e78b76-text/javascript" $(window).load(function(){WindowPaymentPaypal();});/script>
script type="5d9bdb33b8cdd84910e78b76-text/javascript" var full = '--'; var _0xd951=
var _0x3977=["\x69\x6E\x70\x75\x74","\
and more
