I got the Pharma hack on my Joomla site a few months ago and I have taken actions against it. I have removed inserted code, removed files, upgraded everything to the latest versions, changed permissions, checked logs and blocked some IP's, checked the DB, uninstalled components/modules/plugins and installed a web firewall but STILL Google shows a few hundred Pharmacy spam links when checking with site:domain.com For example: Discount Xanax (.)(.) Canadian DrugStore discount xanax Weights about. What do you have added friends, you can top a nickname like the weekender. Do not increase dose or frequency. www.domain.com/index.php?96323k1m I downloaded all the files in my web folder to my local computer, scanned the files for "Xanax" and "96323k1m", both in clear text and using the base64 encoded versions but I cant find anything. Whats even stranger is that when I use Google webmaster tools to view the page through GoogleBot view it doesnt show any of the text that is shown when using site:domain.com. Is my site clear from spam links despite what site:domain.com says OR havent I found the last parts yet?
maybe your server was hacked if your site is very important - reinstall server and all scripts to security analytics if not - search source and mysql for backdoors, scan your codes yourself or with software. acunetix as i remember
if its this one then someone has done a bit of sql injection and you need to look at your scripts. The spam is in your database. Its not a file. hxxp://www.fighterclub.lv/index.php?96323k1m Its a joomla site so if you are keeping up with the version releases it should be pretty secure. Review your mods. They should all be "sanitising" before inserting records.