On a vBulletin site (last version, 4.2 patch), sucuri dot net reports this malware:
sucuri dot net/malware/entry/MW:JS:DEPACK
I presume it was installed before updating vBulletin with the patch update (the board was not updated for some days after [login to view URL] made this warning). Now the latest versions of vBulletin and vBSEO are installed, and all original files have been re-uploaded, but I think the hacker made a SQL injection or something that could re-install the JavaScript malware.
One of the administrator accounts was hacked. After deleting the spam thread posted by this admin, I removed him as admin (he is now a limited user).
I made several checks (deleted many files that were old or not part of vBulletin, searched in the template file, searched in phpMyAdmin).
Active plugins:
VBSEO (3.6 pl2)
Ban thread user (vbulletin dot org/forum/[login to view URL])
Forum category icons (vbulletin dot org/forum/[login to view URL] )
Forum Title
Tapatalk
vB4 Import External Images
Z - XPBL (x post befor post links)
Style: premium style bought at purevb dot com
Server: dedicated
Goal: check suspected files and database, find and remove the malware as soon as possible, "close the door". Feel free to ask for more details by PM.