JD 1.9.x Series users - Please update to jD184.108.40.206 (Joomla 2.5) or jD220.127.116.11 (Joomla 3.x)
The Bug, which is fixed in the latest releases, allowed users without the appropriate permissions to upload files. This has been exploited from sometime in late July by a hacker who has uploaded malicious files on some sites. As well as updating please also check any file uploaded since then to see if you recognise it and DELETE if you do not recognise it. Some people may prefer to restore their complete website from a backup, including the entire database.
Note: check at first the jDownloads upload root folder, the /images/jdownloads/screenshots and the /images/jdownloads/screenshots/thumbnails folders.
For Joomla! 2.5: get jD18.104.22.168
For Joomla! 3.x: get jD22.214.171.124
(links open in a separate tab or window)