Question Hacked via com_kunena/template/cripsys/assets

Hello. This morning I got malware problems. I got lots of cache files and my site was desactivated. In my hosting they said that trouble comes from com_kunena/template/cripsys/assets folder.

How can I find there malicious files?

What kind of malware problems do you have? Which hosting provider do you having.

Also please add kunena report.

Thnak you.
In the attachment my malware file.
My hosting is bluehost.

Rigth now I can't make kunena report due to my site is down. Can I do it via hosting? Can you please explain how?

malware file in the attachment

You need access to the backend.
Else download your site, and use a localhost.

blog.sucuri.net/2017/02/joomla-security-...ign-in-the-wild.html

You need to look into your files to: base64_decode, we use this codes.

if you see any code like: Then you are infected.

I have access to backend. But which file should I check?
All files from com_kunena/template/cripsys/assets folder?
But there lots of files are just image files.
Should I search in some another files?

Recently I had some robot users....I deleted then. Can they be the reason of malwares? If I only delete that users will my problem be solved?

If your system is compromised, it does not help to delete a robot user. You can rename the folder assets and Kunena install again, then the folder will created new (including all files).
But I'm not sure if your system is clean afterwards. I miss an important information. How current are your installations of your site (including all extensions)? Please add a configuration report: docs.kunena.org/en/faq/configuration-report

Further informations:
www.joomshaper.com/blog/my-joomla-site-was-hacked-what-to-do

this is my configuration report

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |

This message contains confidential information

htaccess: Exists | PHP environment: Max execution time: 30 seconds | Max execution memory: 256M | Max file upload: 64M

Kunena menu details:

Warning: Spoiler!

ID	Name	Menutype	Link	Path	In trash
802	Forum	kunenamenu	view=home&defaultmenu=802	forum	No
803	Asosiy	kunenamenu	view=category&layout=list&catid=0	forum/asosiy	No
804	Oxirgi mavzular	kunenamenu	view=topics&mode=replies	forum/oxirgi-mavzular	No
805	Yangi mavzu	kunenamenu	view=topic&layout=create&catid=	forum/newtopic	No
806	Javob yo'q	kunenamenu	view=topics&mode=noreplies	forum/noreplies	No
807	Mening mavzular	kunenamenu	view=topics&layout=user&mode=default	forum/mylatest	No
808	Profil	kunenamenu	view=user	forum/profile	No
809	Yordam	kunenamenu	view=misc	forum/help	No
810	Izlash	kunenamenu	view=search	forum/izlash	No

Joomla default template details : jm-school-tools | author: joomla-monster.com | version: 1.02 | creationdate: 12/04/2013

Kunena default template details : Crypsisb3 | author: Kunena Team | version: 5.0.14 | creationdate: 2018-03-14

Kunena template params:

Warning: Spoiler!

DefaultCategoryicon
profileIconset	default
DefaultIconset	default
editorIconset	default
lightboxColor	white
borderless	1
tooltips	1
SubjectLengthMessage	80
fullactions	1
quick	0
displayMenu	1
displayDropdownMenu	1
displayDropdownContent	1
displayModule	1
displayBreadcrumb	1
displayAnnouncement	1
displayFooter	1
avatarPosition	left
formRecover	0
labels	0
whoisonlineName	default
avatarType	img-rounded
topicicontype	B3
fontawesome	0
icons	0
socialshare	0
socialsharetag
socialtheme	classic
writeaccess	0
localstorage	0
video	1
maps	1
emoticons	1
twitter	1
ebay	1
link	1
picture	1
hide	1
spoiler	1
table	1
code	1
quote	1
divider	1
instagram	1
soundcloud	1
confidential	1
hr	1
listitem	1
supscript	1
subscript	1
numericlist	1
bulletedlist	1
alignright	1
alignleft	1
center	1
underline	1
italic	1
bold	1
strikethrough	1
colors	1
size	1
IconColor	inherit
IconColorNew	#48a348
avatarSizeX	40
avatarSizeY	90
avatarSizeXThumb	36
avatarSizeYThumb	36
avatarSizeXWelcome	72
avatarSizeYWelcome	72
avatarSizeXList	36
avatarSizeYList	36
avatarSizeXPost	144
avatarSizeYPost	144
avatarSizeXProfile	200
avatarSizeYProfile	200
templatebyText
templatebyName
templatebyLink

Kunena version detailed: Kunena 5.0.14 | 2018-03-14 [ Stephen Hawking ]
| Kunena detailed configuration:

Warning: Spoiler!

Kunena config settings:
board_offline	1
enablerss	0
threads_per_page	20
messages_per_page	20
messages_per_page_search	15
showhistory	1
historylimit	6
shownew	1
disemoticons	0
template	crypsisb3
showannouncement	1
avataroncat	0
catimagepath	category_images
showchildcaticon	1
rtewidth	450
rteheight	300
enableforumjump	1
reportmsg	1
username	1
askemail	0
showemail	0
showuserstats	1
showkarma	0
useredit	1
useredittime	0
useredittimegrace	600
editmarkup	1
allowsubscriptions	1
subscriptionschecked	0
allowfavorites	1
maxsubject	50
maxsig	300
regonly	0
pubwrite	0
floodprotection	0
mailmod	0
mailadmin	0
captcha	0
mailfull	1
allowavatarupload	1
allowavatargallery	1
avatarquality	75
avatarsize	2048
imageheight	1200
imagewidth	1200
imagesize	2400
filetypes	txt,rtf,pdf,zip,tar.gz,tgz,tar.bz2
filesize	120
showranking	1
rankimages	1
userlist_rows	30
userlist_online	1
userlist_avatar	1
userlist_posts	1
userlist_karma	0
userlist_email	0
userlist_joindate	1
userlist_lastvisitdate	1
userlist_userhits	1
latestcategory
showstats	1
showwhoisonline	1
showgenstats	1
showpopuserstats	1
popusercount	5
showpopsubjectstats	1
popsubjectcount	5
showspoilertag	1
showvideotag	1
showebaytag	0
trimlongurls	1
trimlongurlsfront	40
trimlongurlsback	20
autoembedyoutube	1
autoembedebay	1
ebaylanguagecode	en-us
sessiontimeout	1800
highlightcode	0
rss_type	topic
rss_timelimit	month
rss_limit	100
rss_included_categories
rss_excluded_categories
rss_specification	rss2.0
rss_allow_html	1
rss_author_format	name
rss_author_in_title	1
rss_word_count	0
rss_old_titles	1
rss_cache	900
defaultpage	recent
default_sort	asc
sef	1
showimgforguest	1
showfileforguest	1
pollnboptions	14
pollallowvoteone	1
pollenabled	1
poppollscount	5
showpoppollstats	1
polltimebtvotes	00:15:00
pollnbvotesbyuser	1
pollresultsuserslist	1
maxpersotext	50
ordering_system	mesid
post_dateformat	datetime
post_dateformat_hover	datetime_today
hide_ip	1
imagetypes	jpg,jpeg,gif,png
checkmimetypes	1
imagemimetypes	image/jpeg,image/jpg,image/gif,image/png
imagequality	50
thumbheight	32
thumbwidth	32
hideuserprofileinfo	put_empty
boxghostmessage	0
userdeletetmessage	0
latestcategory_in	1
topicicons	1
debug	0
catsautosubscribed	0
showbannedreason	0
showthankyou	1
showpopthankyoustats	1
popthankscount	5
mod_see_deleted	0
bbcode_img_secure	image
listcat_show_moderators	0
lightbox	1
show_list_time	720
show_session_type	0
show_session_starttime	0
userlist_allowed	0
userlist_count_users	0
enable_threaded_layouts	0
category_subscriptions	topic
topic_subscriptions	disabled
pubprofile	0
thankyou_max	25
email_recipient_count	0
email_recipient_privacy	bcc
captcha_post_limit	0
image_upload
file_upload	registered
topic_layout	flat
time_to_create_page	0
show_imgfiles_manage_profile	1
hold_newusers_posts	0
hold_guest_posts	0
attachment_limit	0
pickup_category	0
article_display	intro
send_emails	1
fallback_english	1
cache	1
cache_time	180
iptracking	1
rss_feedburner_url
autolink	1
access_component	1
statslink_allowed	1
superadmin_userlist	0
legacy_urls	1
attachment_protection	0
categoryicons	1
avatarresizemethod	1
avatarcrop	0
user_report	1
searchtime	365
teaser	0
ebay_language	0
allow_change_subject	1
max_links	6
read_only	0
ratingenabled	0
url_subject_topic	0
log_moderation	1
attach_start	0
attach_end	14
attachment_utf8	1
autoembedsoundcloud	1
emailheader	/media/kunena/email/hero-wide.png
user_status	1
plain_email	0
moderator_permdelete	1
recaptcha_publickey	6LfO1QsTAAAAAF_otLIk9sMn0pWW_sB_pC1wnnrP
recaptcha_privatekey	6LfO1QsTAAAAAPJoaC2Ppz84vRry8rmmxaFecC_Y
recaptcha_theme	white
keywords	0
userkeywords	0
userlist_name	1
usernamechange	0
version_check	1
userlist_usertype	0
sefutf8	0

| Kunena integration settings:

Warning: Spoiler!

Kunena - Finder Disabled
Kunena - AlphaUserPoints Disabled
Kunena - AltaUserPoints Disabled
Kunena - Community Builder Disabled
Kunena - Easyblog Disabled
Kunena - Easyprofile Disabled
Kunena - Easysocial Disabled
Kunena - Gravatar Disabled
Kunena - JomSocial Disabled
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Enabled: private=1

| Joomla! detailed language files installed:

Warning: Spoiler!

Joomla! languages installed:
en-GB	English (en-GB)

Third-party components: UddeIM 3.7

Third-party SEF components: None

Plugins: None

Modules: Kunena Latest 5.0.3

the strange thing is that in hosting file manager --- cache folder....it becomes more than 24 MB for several hours. Cache is coming from kunena forum.And if I don't delete this immidietly it becomes more and more and my hosting shut down my domain.
What is this? What makes my forum to do this big cache? Also my forum is offline now..