574108 Remote malware on vbulletin

On a vbulletin site (last version 4.2 patch) securi dot net report this malware sucuri dot net/malware/entry/MW:JS:DEPACK I presume was installed before to update vbulletin with the patch update (the board was not updated for some days after [login to view URL] made this warning). Now are installed last versions of vbulletin and vbseo, and re-uploaded all original files, but I think the hacker made a sql injection or something that could re-install the javscript malware. One of administrator account was hacked. After deleting spam thread posted by this admin, I removed him as admin (now is a limited user) I made several checks (deleted many old files or not of vbulletin, searched in template file, searched in phpmyadmin) Active plugins: VBSEO (3.6 pl2) Ban thread user (vbulletin dot org/forum/[login to view URL]) Forum category icons (vbulletin dot org/forum/[login to view URL] ) Forum Title Tapatalk vB4 Import External Images Z - XPBL (x post befor post links) Style: premium style bought at purevb dot com Server: dedicated Goal: check suspected files and database, find and remove the malware as soon as possible, "close the door". Feel free to ask more details on PM,