Drupal activity stream not updating
Note that these functions are also used by Drupal extensions for legitimate reasons, so be sure you test changes or get help so you do not accidentally break your site.
Manually removing “malicious” code from your website files can be extremely hazardous to the health of your website. If you’re unsure, please seek assistance from a professional.
If your Drupal site has been blacklisted by Google or other website security authorities, you can use their diagnostic tools to check the security status of your Drupal website.
For more information about these security warnings, read our guide explaining the Google blacklist.
You can use a module like Mass Password Reset to force all users to reset their passwords.It is critical that all backdoors are closed in order to successfully clean a Drupal hack, otherwise your site will be reinfected quickly.If you were blacklisted by Google, Mc Afee, Yandex (or any other web spam authorities), you can request a review after the hack has been fixed.Hackers always leave a way to get back into your site.More often than not, we find multiple backdoors of various types in hacked Drupal sites.
Chances are that someone else has already figured out how those domain names are involved in the hack you are attempting to clean.