Best methods to clean up a hacked site with no clean version available?

Question

I have been asked to fix a hacked site that was built using osCommerce on a production server.

The site has always existed on the remote host. There is no o

Answer 1

Obtain a fresh copy of the osCommerce version the site was built with, and do a diff between the new fresh osCommerce and the hacked site. Also check for files which exist on the server but not in the osCommerce package.

By manually comparing the differences, you can track down all possible places the hack may have created or modified scripts.