Malware in Menubar section of site - Joomla! Forum - community, help and support


I have malware in the menu bar section, in index.php. I have removed it successfully, but I don't know the coding part of the menu bars.

So please assist me.

problem description :: forum post assistant (v1.2.3) : 23rd october 2012 wrote: malware on menu bar links
log/error message :: forum post assistant (v1.2.3) : 23rd october 2012 wrote: iframe src etc
log/error message :: forum post assistant (v1.2.3) : 23rd october 2012 wrote: iframe malware
actions taken to resolve :: forum post assistant (v1.2.3) : 23rd october 2012 wrote: removed index page, don't know can remove links.
forum post assistant (v1.2.3) : 23rd october 2012 wrote:
basic environment :: wrote:joomla! instance :: joomla! 1.5.20-stable (senu takaa) 18-july-2010
joomla! configured :: yes | writable (644) | owner: 8625 (uid: /gid: ) | group: 59277295 (gid: ) | valid for: 1.5
configuration options :: offline: 0 | sef: 1 | sef suffix: 0 | sef rewrite: 1 | .htaccess/web.config: yes | gzip: 0 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: -1 | site debug: 0 | language debug: 0 | database credentials present: yes

host configuration :: os: linux | os version: 2.6.31.12.with.authcache+pxeboot_cmdline_4096 | technology: i686 | web server: apache | encoding: gzip,deflate,sdch | doc root: /services/webpages/m/e/mediaphotobooth.com/public | system tmp writable: yes

php configuration :: version: 5.3.14 | php api: apache2handler | session path writable: unknown | display errors: | error reporting: 1 | log errors to: | last known error: | register globals: 1 | magic quotes: 1 | safe mode: 0 | open base: | uploads: 1 | max. upload size: 250000000 | max. post size: 250000000 | max. input time: -1 | max. execution time: 60 | memory limit: 256m

mysql configuration :: version: 5.5.25 (client:5.0.51a) | host: --protected-- (--protected--) | collation: latin1_swedish_ci (character set: latin1) | database size: 2.81 mib | #of tables:  70
detailed environment :: wrote:php extensions :: core (5.3.14) | date (5.3.14) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | calendar () | ctype () | curl () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gd () | gettext () | spl (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mssql () | mysql (1.0) | mysqli (0.1) | standard (5.3.14) | pdo (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | phar (2.0.1) | reflection ($id: 522fef1e5100f848a5e2059d98b3a880a3143e9a $) | imap () | simplexml (0.1) | siteguard () | soap () | sockets () | sqlite (2.0-dev) | exif (1.4 $id$) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | apache2handler () | zend engine (2.3.0) |
potential missing extensions :: suhosin |

switch user environment (experimental) :: php cgi: no | server su: no | php su: no | custom su (litespeed/cloud/grid): no
potential ownership issues: maybe

apache modules :: core | mod_authn_file | mod_authn_default | mod_authz_host | mod_authz_groupfile | mod_authz_user | mod_authz_default | mod_auth_basic | mod_include | mod_filter | mod_deflate | mod_log_config | mod_env | mod_expires | mod_headers | mod_setenvif | mod_version | mod_proxy | mod_proxy_connect | mod_proxy_ftp | mod_proxy_http | mod_proxy_scgi | mod_proxy_ajp | mod_proxy_balancer | mod_ssl | prefork | http_core | mod_mime | mod_autoindex | mod_asis | mod_cgi | mod_vhost_alias | mod_negotiation | mod_dir | mod_actions | mod_speling | mod_userdir | mod_alias | mod_rewrite | mod_so | mod_php5 | mod_fpcgid | mod_wiredminds | apache |
potential missing modules :: mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
folder permissions :: wrote:core folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

elevated permissions (first 10) ::
database information :: wrote:database _fpa_stats :: uptime: 64596 | threads: 68 | questions: 79430053 | slow queries: 0 | opens: 127491 | flush tables: 1 | open tables: 54576 | queries per second avg: 1229.643 |
extensions discovered :: wrote:components :: site :: mailto (1.5.0) | default (1.0.0) | piccolos (1.0) | user (1.5.0) | wrapper (1.5.0) |
components :: admin :: ag_google_analytics2 (1.1.0) | aicontactsafe (2.0.16.beta15) | aicontactsafe (1.0.0) | aicontactsafe module (1.0.12.stable) | aicontactsafe - form (1.0.15.stable) | aicontactsafe - link (1.0.10.stable) | banners (1.5.0) | cache manager (1.5.0) | configuration manager (1.5.0) | contact items (1.0.0) | content page (1.5.0) | control panel (1.5.0) | dj image slider (1.2.3 stable) | flash-gallery (4.1.2) | forme (1.0.6) | frontpage (1.5.0) | installation manager (1.5.0) | language manager (1.5.0) | mass mail (1.5.0) | media manager (1.5.0) | menus manager (1.5.0) | messaging (1.5.0) | module manager (1.5.0) | newsfeeds (1.5.0) | phocagallery (2.8.0) | piccolos (1.0) | plugin manager (1.5.0) | polls (1.5.0) | rokquickcart (1.3) | search (1.5.0) | template manager (1.5.0) | trash (1.0.0) | user manager (1.5.0) | weblinks (1.5.0) | zoo (2.4.2) |

modules :: site :: archived content (1.5.0) | banner (1.5.0) | breadcrumbs (1.5.0) | custom html (1.5.0) | dj image slider (1.2.2 stable) | dj image tabber (1.1.2 stable) | feed display (1.5.0) | footer (1.5.0) | latest news (1.5.0) | login (1.5.0) | menu (1.5.0) | read content (1.5.0) | newsflash (1.5.0) | piccolos (1.0.0) | poll (1.5.0) | random image (1.5.0) | related items (1.0.0) | search (1.0.0) | sections (1.5.0) | statistics (1.5.0) | syndicate (1.5.0) | sys (1.0.0) | system (1.0.0) | who's online (1.0.0) | wrapper (1.0.0) | zoo accordion (2.4.0) | zoo carousel (2.4.0) | zoo category (2.4.0) | zoo comment (2.4.0) | zoo drawer (2.4.0) | zoo item (2.4.0) | zoo maps (2.4.0) | zoo scroller (2.4.0) | zoo slider (2.4.0) | zoo tag (2.4.0) | joomla system 0.1 (1.0.1) |
modules :: admin :: custom html (1.5.0) | feed display (1.5.0) | footer (1.0.0) | latest news (1.0.0) | logged in users (1.0.0) | login form (1.0.0) | admin menu (1.0.0) | online users (1.0.0) | popular items (1.0.0) | quick icons (1.0.0) | items stats (1.0.0) | user status (1.5.0) | admin submenu (1.0.0) | title (1.0.0) | toolbar (1.0.0) | unread items (1.0.0) | zoo quick icons (2.4.0) |

plugins :: site :: authentication - example (1.5) | authentication - gmail (1.5) | authentication - joomla (1.5) | authentication - ldap (1.5) | authentication - openid (1.5) | content - email cloaking (1.5) | content - example (1.0) | content - code highlighter (ge (1.5) | content - load modules (1.5) | content - pagebreak (1.5) | content - page navigation (1.5) | content - rokbox (1.8) | content - vote (1.5) | editor - tinymce 3 (3.2.6) | editor - xstandard lite jo (1.0) | button - image (1.0.0) | button - pagebreak (1.5) | button - readmore (1.5) | search - categories (1.5) | search - contacts (1.5) | search - content (1.5) | search - newsfeeds (1.5) | search - sections (1.5) | search - weblinks (1.5) | zoo search (2.4.0) | system - backlinks (1.5) | system - cache (1.5) | system - debug (1.5) | system - legacy (1.5) | system - log (1.5) | system - mootools upgrade (1.5) | system - remember me (1.5) | system - sef (1.5) | zoo event (2.4.0) | system - rokbox (2.7) | user - example (1.0) | user - joomla! (1.5) | xml-rpc - blogger api (1.0) | xml-rpc - joomla api (1.0) |
templates discovered :: wrote:templates :: site :: beez (1.0.0) | ja_purity (1.2.0) | media_photo_booth (1.0.2) | rhuk_milkyway (1.0.2) |
templates :: admin :: khepri (1.0) |

Initial reactions:
removing code doesn't cure how it got there.
site's version out of date, exploitable
tinymce out of date, exploitable
aicontactsafe out of date etc
apache handler - missing suPHP
suggestion - follow checklist




