Urgent Help Needed – SP Page Builder Malware Reinfection on Multiple Joomla Websites
I am dealing with a very serious security issue related to the recent SP Page Builder vulnerability, and I urgently need help.
I followed the official instructions and ran the security-scanner.php script. The scanner successfully detected and removed a large number of malicious files. However, within a few minutes, all the malicious files reappeared, and the websites became reinfected.
Unfortunately, this is not happening on a single website: I have multiple Joomla websites showing exactly the same behavior.
At this point, I suspect that either:
there is still an active persistence mechanism on the server,
some compromised administrator accounts or extensions remain,
or the attacker still has access through another entry point.
I honestly don't know how to proceed safely from here. I would be extremely grateful if someone could:
explain the correct recovery procedure step by step, or
provide professional assistance to clean and secure the websites.
Any advice or direct help would be greatly appreciated, because I am currently unable to stop the reinfections.
Thank you very much.