JD 1.9.x Series users - Please update to jD220.127.116.11 (Joomla 2.5) or jD18.104.22.168 (Joomla 3.x)
The Bug, which is fixed in the latest releases, allowed users without the appropriate permissions to upload files. This has been exploited from sometime in late July by a hacker who has uploaded malicious files on some sites. As well as updating please also check any file uploaded since then to see if you recognise it and DELETE if you do not recognise it. Some people may prefer to restore their complete website from a backup, including the entire database.
Note: check at first the jDownloads upload root folder, the /images/jdownloads/screenshots and the /images/jdownloads/screenshots/thumbnails folders.
For Joomla! 2.5: get jD22.214.171.124
For Joomla! 3.x: get jD126.96.36.199
(links open in a separate tab or window)