Hello,
here was “favorideas.com/2daf778b87c90c055cead7323ecf8bc6/q.php” (backhole2 exploit), can you confirm that you have cleaned it? I suggest to change all passwords and update all systems.

Milos