My site may have been hacked. I recently found three folders on my website that I didn't put there. Each contains several PHP script files and two contain javascript files. I downloaded the folders to my computer and deleted them from my site.

 I also found the following line in the code of 7 of 8 pages in my root directory: "<?php include('pdfs/manual.pdf'); ?>". The manual.pdf file was not in the PDFs folder. When I discovered it, I thought it I may have mistakenly uploaded it as there were a couple of PDFs that I had mistakenly uploaded. Thinking it was a file that I mistakenly uploaded, I tried to open it and got an error, which makes me think it could be malware. I'm running some scanning software as I write this. I have changed the password to my hosting account and delete the files as well as re-uploaded my website files that had the offending code in it. Here are some screen shots in the event that this might help.






Any advice on what I need to do next is greatly appreciated. I'm not very experience in web design or web management. According to the virus scan I just did I my computer has a trojan:java/agent.b, which I have tried to remove by deleting the java temporary file via the control panel

Thanks

Same issues - I'm on Sava

same issues here as well + they uploaded files with "porn-type" names in an out of the way folder/location that I didn't notice until my rankings tanked!
I'm on the pallus server.

This might also serve as a good reminder to some to backup early and often.  We provide several ways for you to backup your hosting account, as explained here:

http://wiki.lunarpages.com/Backups

Also changing your passwords (NEVER user a dictionary-based word, always use a mix of letters and numbers, all mixed up.  The more complicated, the better) and user names (if the situation calls for it) often can help with this too.  As for the comments of Most hosting companies will help you clean up the carnage, this is not the case.  Here at Lunarpages, we can do as much as we can to help, however - if it was a security related issue with a users PC (such as they were infected with a virus) there is only so much we can do as your web hosting provider.  However, the forums are always here to ask for advice and help in situations like this.

Unfortunatly LP isn't much help with this stuff.  I had to write custom cron jobs to scan ALL of my directories and systematically clean them.  I also updated all FTP and MySQL passwords, and started denying IP addresses after about 2 months the activity finally stopped

So if we have a a back up from a few months ago via control panel we can pay lunarpages to restore it and that will fix any hacked junk put on the server for sure? Even if they added files? Then all I need to do is fix inventory - might be easier than battling this for the first time.