Hi @yasser,
Cleaning up after a security incursion is beyond the scope of this forum, but broadly speaking, it’s good policy not to trust content there. I’d suggest using diff to compare your installation against the stock release of OJS 2.4.8 – there’s too much content there to reliably check by hand.
It’s common practice to leave a PHP backdoor installed after this kind of a break-in, so it’s definitely not safe to trust your setup once you’ve got it working again.
Regards,
Alec Smecher
Public Knowledge Project Team