SEO SPAM on site....

See: http://killmalware.com/flameclub.ru/
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxp://web-redirect.ru/?web.
File size[byte]: 0
File type: Unknown
Page/File MD5: 00000000000000000000000000000000
Scan duration[sec]: 0.001000

Web application version:
Joomla Version 1.5.18 to 1.5.26 for: htxp://www.flameclub.ru/language/en-GB/en-GB.ini
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5
ISSUE DETECTED | DEFINITION | INFECTED URL
SEO Spam | MW:SPAM:SEO?s | htxp://www.flameclub.ru
SEO Spam | MW:SPAM:SEO?r | htxp://www.flameclub.ru/index.php?option=com_content&view=article&id=6&Itemid=7
SEO Spam | MW:SPAM:SEO?r | htxp://www.flameclub.ru/index.php?option=com_content&view=article&id=32&Itemid=32
SEO Spam | MW:SPAM:SEO?s | htxp://www.flameclub.ru/produkciya/zazhigalki/reklamnye/
Website Malware | MW:HTA:7 |

pol

nada…
https://www.virustotal.com/en/file/214f20a3393938dcbe0ba6198c50384ab18104b4d19ca223dcbe24a1a4db05a0/analysis/1417468652/

Well my good friend Pondus, that is all understandable.

The problem seems to affect WordPress sites mainly but could also affect other kinds of scripts. The exploit seems to be cPanel specific and VlexoFree is now protected from it.
The exploit is nothing more than a defacement. No WordPress files have been changed as a result of the exploit. The only changes made by the exploit are to the WordPress database in the following locations: the WordPress title, charset, and widgets.
The following is a How-To to reverse the changes caused by the exploit.
WordPress

Under Settings → Reading, change charset from UTF-7 to UTF-8
Go to your widgets – delete the “Text” sidebar widget – (e.g breaks sidebars_widgets).
You will notice some Javascript code in it – will include something like this - " document.documentElement.innerHTML = unescape"
You will need to reset all your widgets as the hack removes them all.
Under Settings → General, change your site title back to what it was previously.
Ensure your wp-config.php file’s permissions are set to 600 - This can be done from within cPanel by going into your file manager.

Quoted from link: htxp://vlexofree.com/wiki/Exploit:_Hacked_by_badi

But something comes first: victims have no control over other insecure accounts that will be hacking vectors into their account. Victims will probably be constantly hacked unless you change hosts.

polonus

P.S. Another one: http://killmalware.com/satrak.ro/ and http://sitecheck.sucuri.net/results/www.satrak.ro/
link: htxp://www.satrak.ro/hacked%20by_files/a.htm giving a 404 error now.

D
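The checks from the how-to quoted above, written as an added example that is not part of the thread or of the quoted wiki page. It assumes the site's `wp_options` rows have been exported into a dict keyed by option name (`blog_charset`, `blogname`, `widget_text`); the function names and the sample rows are constructed for illustration.

```python
import os
import re
import stat

# Marker quoted in the how-to; spacing around '=' is allowed to vary.
WIDGET_MARKER = re.compile(
    r"document\.documentElement\.innerHTML\s*=\s*unescape", re.I)

def audit_options(options, expected_title):
    """Return the wp_options names that still show the defacement.

    options: dict of option_name -> option_value (assumed export format).
    expected_title: the site title as it was before the incident.
    """
    affected = []
    # Accept spellings such as 'utf-7', 'UTF7' or 'utf_7'.
    charset = options.get("blog_charset", "").upper()
    if charset.replace("-", "").replace("_", "").strip() == "UTF7":
        affected.append("blog_charset")
    # Text widgets are stored serialized; a pattern search over the raw
    # value is enough to spot the injected script.
    if WIDGET_MARKER.search(options.get("widget_text", "")):
        affected.append("widget_text")
    if options.get("blogname", "") != expected_title:
        affected.append("blogname")
    return affected

def config_mode_ok(path):
    """True when the file mode is exactly 600, as the how-to asks."""
    return stat.S_IMODE(os.stat(path).st_mode) == 0o600

# Constructed sample rows, not taken from any real site.
SAMPLE_DEFACED = {
    "blog_charset": "UTF-7",
    "blogname": "constructed defaced title",
    "widget_text": '<script>document.documentElement.innerHTML = '
                   'unescape("%3Cconstructed%3E");</script>',
}
SAMPLE_CLEAN = {
    "blog_charset": "UTF-8",
    "blogname": "Example Shop",
    "widget_text": "Opening hours: 9 to 5",
}

if __name__ == "__main__":
    for label, rows in (("defaced", SAMPLE_DEFACED), ("clean", SAMPLE_CLEAN)):
        print(label, audit_options(rows, "Example Shop"))
```

Run `config_mode_ok` against the real `wp-config.php` path on the host; a `False` result means the permissions step of the how-to has not been applied yet.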