I hope someone can help me get rid of a malware that is re-directing my students to a ".ru" website selling Viagra.
I have all my courses in Moodle 1.9.10. My site was hacked around Dec 24th, and I discoverd a malicious Troyan (php file) in one of my website folders just by chance. I did get rid of that php, and thought that things were fine.
Yesterday, several syudents reported that when they click on the "blog" tab within their "profile" window, they eitehr get re-directed to a Viagra website, or their antivirus refuses to render the link warning that there is an unsafe ".ru" website.
Has anyone encounter this problem before? How can I get rid of the problem, where do I have to look for the offending file? I don't know if there are more tabs that will reproduce this problem, but if it is only the "blog", can I get rid of that tab (I don't use the blog for my classes). Any suggestion will be welcome.