How did you identify this infection and how did you locate it?
Did you verify if your joomla installation is fully up to date, incluing all plugins?
Do you have a backup that you could consider as clean?
Do you use mod_php or su_php?
I'd personally recommend at least wiping the whole joomla installation, create it up to date from scratch and migrate the content in. Its much time and effort but its a safer way to not have any backdoors in that area of the system.
generally spoken reinstall the whole server from scratch, and reinstall / copy alls applications ony by one after verifying them as good as you can, that they are clean.
|