website got hacked...

Hi!

I have a little problem. Someone hacked my website a while ago and installed some kind of a redirect to a advertisting website... Anyway I had a backup and installed that and changed the joomla password and everything seemed to be back normal. But today I saw that the same redirect was installed again and I guess someone hacked the website again. However I installed a backup again and checked if there were any strange files. In the module folder there was a module called "mod_php" which I never installed or never used, so I deleted it and the website seems to work still normal. This time however I didn't delete the old webpage, so if you go to www.aurum.ch/rudern you'll see my old website, which will redirect you to some advertising website if you wait maybe one minute. My regular webpage is: www.silvanzehnder.ch.

Does anyone see what code or what file could cause this redirect from my old website to the advertising website? And does anyone has an idea how I can check if there are still files which could have been hacked or modified so that the hacker can enter my webpage?

If you find a solution I would be happy to pay for it...

thank you vey much and best regards

Silvan

First of all please check the plugins because this more looks like some plugin rather than module. If someone hacked your site several files may be modified so maybe the easiest way is to download clean Joomla! and compare backup package with the clean one. You should see differences only in additional modules like News Show Pro and in template directory, other core Joomla! files should be the same.