My site has been hacked and need help

[phoenix2010]

Hi ya guys
Over the last 24 hours ive been trying to get rid of a redirect that has dug itself into my file system
Seems like my .htaccess files cant be deleted and have some kind of code in them that i cant get rid of ?
It seems to have a redirect leeding to a .ru site
Ive not uploaded anything to the site or downloaded any files from the site and there is nobody with backend access to my acount so how someone has changed the htaccess files without me knowing i simply dont know ?

Can someone in admin please look at my site and tell me what i can do to get rid of is malicious code ?
Any help would be great?
Also all my links from google search seem to be leeding there as well ?
Ive even deleted the permanent redirect from my top level folder to the joomla site and it still redirects

The code is there to see in the index.html/.htaccess

 

[descalzo]

I go to your /joomla1 site fine.

I see no redirects.

OK, going through Google I can see one.

Contents of:
.htaccess in public_html ?
.htaccess in /joomla1 ?

 

[descalzo]

The code is there to see in the index.html/.htaccess

Huh?

One quick fix would be to remove the foreign redirects, save .htaccess, and then change the permissions to 0444.

 

[phoenix2010]

There seems to be other stuff been messed about with too
The hotlink protect had lots of weird code in it too which ive removed ?
Its hard to explain and am feeling a lot stupid at the moment
I deleted the htaccess file btw thats why you couldnt see it
5 minutes ago i deleted the code in hotlink protect and its back and am going to post it

^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr|nigma|liveinternet|vkontakte|webalta|filesearch|yell|openstat|metabot|nol9|zoneru|km|gigablast|entireweb|amfibi|dmoz|yippy|search|walhello|webcrawler|jayde|findwhat|teoma|euroseek|wisenut|about|thunderstone|ixquick|terra|lookle|metaeureka|searchspot|slider|topseven|allthesites|libero|clickey|galaxy|brainysearch|pocketflier|verygoodsearch|bellnet|freenet|fireball|flemiro|suchbot|acoon|cyber-content|devaro|fastbot|netzindex|abacho|allesklar|suchnase|schnellsuche|sharelook|sucharchiv|suchbiene|suchmaschine|web-archiv)\.(.*)
^.*(web|websuche|witch|wolong|oekoportal|t-online|freenet|arcor|alexana|tiscali|kataweb|orange|voila|sfr|startpagina|kpnvandaag|ilse|wanadoo|telfort|hispavista|passagen|spray|eniro|telia|bluewin|sympatico|nlsearch|atsearch|klammeraffe|sharelook|suchknecht|ebay|abizdirectory|alltheuk|bhanvad|daffodil|click4choice|exalead|findelio|gasta|gimpsy|globalsearchdirectory|hotfrog|jobrapido|kingdomseek|mojeek|searchers|simplyhired|splut|the-arena|thisisouryear|ukkey|uwe|friendsreunited|jaan|qp|rtl|search-belgium|apollo7|bricabrac|findloo|kobala|limier|express|bestireland|browseireland|finditireland|iesearch|ireland-information|kompass|startsiden|confex|finnalle|gulesider|keyweb|finnfirma|kvasir|savio|sol|startsiden|allpages|america|botw|chapu|claymont|clickz|clush|ehow|findhow|icq|goo|westaustraliaonline)\.(.*)

 

[descalzo]

The server won't send .htaccess anyway.

http://pastebin.com/g0AnStPY seems like someone else has your problem.

Clean out the code, save, and change permissions.

 

[phoenix2010]

Thats the code all over my site mate
Ffs ? Ok what permissions on the the htaccess files as the code is in lots of em ?
It wont let me edit the .htaccess file and says ccess denied ?

 

[phoenix2010]

This morning i deleted the whole site as i was no nearer finding the cause of the code replicating itself and denying access to certain files ?