منتدى استراحات زايد

We have been fighting a malware attack for 2 weeks. Our ISP indicates our FTP account was comprimised. We have now changed all passwords related to our site.

When the ISP tried to removed the malware they were unable to remove all the infected files and issued the following statement:

It seems that the hacker have infected some vbulletin specific include files. That's why, the /forum/index.php seems to be clean but the statusbar in Firefox is still trying to redirect to the following sites:

+++++++++
open-phone.net -- 194.150.248.80
bosch-pl.r6r.ru -- 89.108.67.115
malina-art.fr -- 213.186.33.2
++++++++++

I have now blocked those IPs in our server's firewall, to control this situation, until your scripts are fixed.

Please note that these sites are NOT hosted on our server. These sites are called by your scripts and are hosted somewhere else (that we do not have control over).

To resolve this situation, I would recommend you to contact a vbulletin programmer, who can audit your scripts and remove the hacker's code.

It has been suggested to upload a fresh copy of my vbulletin. Would that be the correct move to solve our issue?

If uploading a fresh copy is the correct solution. Can I do this without losing my threads and posts?

Thank you in advance