Malware Infection of My Website

My website seems to be hacked?
I received this message from Tech Support.

Hello,

It appears that malicious code has been uploaded to your account using a stolen username and password. At this time, I have removed the malicious code from the account.

From our experience with malware of this nature, the account passwords are stolen using viruses/malware located on your local computer. This malware sniffs out passwords used and stored by installed applications. In order to protect against future attack, you will need to run full virus and malware scans on your computers to ensure that they are clean. I recommend using multiple scanners as we have found that some scanners do not detect the malware.

You should clean your computer using the instructions found here: http://forums.majorgeeks.com/showthread.php?t=35407 . After the clean has completed, please change all account passwords. Failure to clean your computer and change your passwords will likely result in further infection of your site.

I did check to see the backup we had, unfortunately the backup was taken after the account was already compromised due to this we do not have an backup we can restore the web site so that the web site fully functions as it did previously. If you have an backup archive prior to Jan 23, to please provide it to us and we can restore it for you. Our backups are taken weekly with each new backup overwriting the previous backups.

Please let us know if you have any further questions

I went through all the steps for cleaning as instructed.
Here is the Log results: (Attached)
No TDS Log (Nothing was Found

Any help would be appreciated.

My HP Laptop shows no outward signs of infection and is the only computer to access the websites Zen Cart Manager.

 

Thanks for looking at my logs, no other computer but my HP has accessed the Zen Cart Manager, I don't know if my Host has been in there?

Site went down a few days ago and my Host Manager in Canada is working to restore it from Her backups, for a fee.

I just needed to know if it was my computer that was hacked.
Thanks Again,
rapidrg

 

Not in the last 2 months, but 2 months ago I used a secure RV Park Web access for part of a month, but I don't beleive I accesed Zen Cart during that stay?

We are SnowBirding in an RV and I am using my Verizon 4G Samsug HotSpot for Internet access, with a secure sign in.

We run a large Ebay business with occasional sales on the website. I rarely open the websites Zen Cart, mayby once a month.

rapidrg

 

Message to my Host:

The Geeks say my computer is clean, but someone could have gotten in thru an unsecured host, like a Hotel or McDonalds Hotspot? We used a Web Provider at the Cal Expo RV Park on a stay there in November? I don't think I accessed Zen Cart during that stay?

Reply:

It's so hard to say. Support did change the password, which is only stored in my email currently. This is what I'm working with during the restore.

Once I am finished, I am going to delete the email and just keep the password written in your file. I keep my computer very protected, but I am going to do a clean, as well, when I am finished here. I don't think they knew for sure that it was the cpanel password, and am wondering if there is something in the older version security that may have let them in via the admin area. I just read somewhere that it is beneficial to password protect that directory as well, which I will do.