Joomla Website Malware Issue

Recently my Joomla website (www.2020glass.com) was hacked and injected with malicious malware. I had to have all my website files restored from an earlier date to complete solve the problem.

It turns out either it was not a complete solution, or more malware has been injected into my site. I discovered this by doing a google search for my company and finding that the "Site may be compromised." I contacted HostGator and this is what they responded with:

>>Per your request we scanned the account for installations of known malicious content. The following is a summary of our findings:

The following file was found to contain know malicious content:

File: /home/glass/public_html/templates/rt_zephyr_j15/index.php
User: glass, Group: glass
Size: 12139
Modify: Sun, 06 Jan 2013 17:36:43 -0600 (1357515403)
Change: Sun, 06 Jan 2013 17:36:43 -0600 (1357515403)

The file was compromised via Joomla Using the Joomla Admin Login Credentials:

/home/apachelogs/glass/2020glass.com-Jan-2013.gz: 91.207.6.2 - - [06/Jan/2013:17:36:42 -0600] "POST /administrator/index.php HTTP/1.1" 303 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 GTB5"

This type of compromise is typical of a malware or virus installation on a PC or workstation that has been used to login to the account. The malicious software scans for login credentials or logs keyboard activity and reports it back so as to exploit your account(s). It is necessary that the user do a scan of the infected system and remove any malicious software.<<

They referred me to your site and I performed all of the instructions for malware removal. The programs found very little if anything wrong. I'm attaching the logs. Any ideas on how/why this is happening? The password I had for my Joomla login credentials was created by HostGator this last time around and was a very difficult password so I don't think anyone could possible have guessed it.

Thanks,
Matt

 

One more additional file.