I have a Joomla site version 1.5.26. It has a pesky pharma hack that is not yet registering on malware scan sites but is being shown on Google when you search for the site. The site is not blocked yet by Google. I am looking for help in cleaning it up. I have identified a web folder that is receiving the session files containing the comprised pages but I cannot find its trigger. So far, I cannot find any front end pages that are affected but several components in administration will redirect to the pharma pages.
I will happily provide the link through a Private message upon requests for clarification. And I apologize in advance that my budget is small. This was previously solved by another Freelancer to whom I gave a sincere good review but the problem re-occurred within hours and communications have slowed to a halt.