Hacked and need help asap!!!

I don't know ,have ; you got your satisfied  answer .?if not ,contact me e-mail:[email protected]

Does anyone know what the other files in the script folder are for?

Because the same script in the public.js file exist in the admin.js script.

I also have in this folder:

jquery-1.4.min.js
jquery.idTabs.min.js
jquery.superfishmenu.js
public.js
slimbox2.js

Thanks

lavilan7 wrote:

Everything but public.js is related to jquery.  I'm not sure what public.js is actually doing.

This is very interesting. I have a 1.9 dev server up, I will check into which files actually depend on public.js

Question for OP: Do you happen to do your nopCommerce hosting through arvixe.com?

fyi: http://www.mywot.com/en/scorecard/arvixe.com

Files That Use The Functions In public.js

BTW: NopCommerceStore\Scripts\admin.js is identical to public.js

Find all "(<OpenWindow\([^"\r\n\)\(]*)", Match case, Regular expressions, Subfolders, List filenames only, Find Results 2, "Entire Solution"
  NopCommerceStore\Administration\Modules\CategoryDetails.ascx.cs
  NopCommerceStore\Administration\Modules\CategoryProduct.ascx.cs
  NopCommerceStore\Administration\Modules\CrossSellProducts.ascx.cs
  NopCommerceStore\Administration\Modules\ManufacturerDetails.ascx.cs
  NopCommerceStore\Administration\Modules\ManufacturerProducts.ascx.cs
  NopCommerceStore\Administration\Modules\OrderDetails.ascx.cs
  NopCommerceStore\Administration\Modules\ProductDetails.ascx.cs
  NopCommerceStore\Administration\Modules\ProductVariantDetails.ascx.cs
  NopCommerceStore\Administration\Modules\RelatedProducts.ascx.cs
  NopCommerceStore\Modules\OrderSummary.ascx.cs
  NopCommerceStore\Scripts\admin.js
  NopCommerceStore\Scripts\public.js
  Matching files: 12    Total files searched: 3420

Find all "(<getE\([^"\r\n\)\(]*)", Match case, Regular expressions, Subfolders, List filenames only, Find Results 1, "Entire Solution"
  NopCommerceStore\Administration\Modules\DiscountInfo.ascx
  NopCommerceStore\Administration\Modules\GlobalSettings.ascx
  NopCommerceStore\Administration\Modules\ProductInfoAdd.ascx
  NopCommerceStore\Administration\Modules\ProductVariantInfo.ascx
  NopCommerceStore\Administration\Modules\ShippingSettings.ascx
  NopCommerceStore\Administration\Modules\TaxSettings.ascx
  NopCommerceStore\Administration\Modules\ThirdPartyIntegration.ascx
  NopCommerceStore\Administration\Modules\TopicInfo.ascx
  NopCommerceStore\Modules\ForumSearch.ascx
  NopCommerceStore\Modules\Search.ascx
  NopCommerceStore\Modules\UserAgreementControl.ascx
  NopCommerceStore\Scripts\admin.js
  NopCommerceStore\Scripts\public.js
  Matching files: 13    Total files searched: 3420

public.js/admin.js

/* This function returns a DOM element by ID.
 * To put it simply:
 * This grabs a html tag ie: <a id="tagIdName" ></a> and returns it. This function 
 * implements several different methods of retrieving the tag, which is dependent 
 * on which kind of browser you are using; consequently, this provides backwards
 * compatibility for older browsers and should not be removed.
 * NOTE: even though this provides backwards compatibility, it tries to use the most
 * current version rather than the oldest.
 */
function getE(name) {
   /* If the getElementById function exists, use it. */
    if (document.getElementById) var elem = document.getElementById(name);

    /* Else, see if the document.all array exists, if so use it */
    else if (document.all) var elem = document.all[name];

    /* Else, see if the document.layers array exists, if so use it */
    else if (document.layers) var elem = document.layers[name];

    /* return the variable elem that was set in the priors ... returns nothing if nothing was compatible. */
    return elem;
}

/* This is an interesting function as it provides a method to create "pop up windows".
 * It creates a window that id in the direct center of your screen regardless of the w, h
 * passed in. the "_blank" property in the window.open is the key here. This means that
 * it will open a blank window and the query string is the url that the window will
 * navigate to.
 */
function OpenWindow(query, w, h, scroll) {
    var l = (screen.width - w) / 2;
    var t = (screen.height - h) / 2;

    winprops = 'resizable=0, height=' + h + ',width=' + w + ',top=' + t + ',left=' + l + 'w';
    if (scroll) winprops += ',scrollbars=1';
    var f = window.open(query, "_blank", winprops);
}

In conclusion, these files are relatively harmless; however, if your server were compromised, directories not secured, your web.config file changed, etc. that could explain the behavior you are getting.

Yes, my host is Arvixe