Once you have found that your site is hacked and its files are infected, you need to perform a number of actions:
1. If you use MS Windows software, check your computer for viruses. To do this, you can, for example, download an antivirus program, install it on your PC, start scanning for viruses and, if they are detected, remove it from your computer.
If no viruses were detected → see point 2.
2. Change the password to enter the hosting account. This can be done on the NIC.UA account in the Hosting menu by clicking on the gear on the right side of the order. In the "password" - "change" field, you can generate a new password.
3. Check all files for malicious scripts or re-download all site files.
4. If you use CMS content management systems, for example, Joomla or WordPress, then you need to monitor the relevance of the versions of the systems themselves and their modules or components. Timely updating of versions significantly reduces the risk of infection of your sites.
We strongly recommend that you do not save account passwords in FTP managers (Total Commanter, File Zilla, CuteFTP) and browsers since passwords are stored there in an unencrypted form.
To work with site files in OS Windows, we recommend using a more secure SSH protocol (WinSCP program, more information at https://en.wikipedia.org/wiki/WinSCP).
Vyacheslav Lucheninov (Migrated deleted Agent)