Hi @tecnicouncoma,
If a rootkit was installed, then you won’t be able to trust the contents of your web root. It’s possible that additional PHP code was introduced there.
The parts of OJS that live in the web root are the source code, configuration file, and public directory. The source code will not be carried across with an upgrade to 3.3.0-20, so you’ll be starting clean there. Review the configuration file and contents of the public directory and ensure they are legit (e.g. free of executable code).
The contents of the files_dir (see config.inc.php) should live outside the web root and are not susceptible to remote execution.
See this thread for some additional guidance:
Regards,
Alec Smecher
Public Knowledge Project Team