Is there some sort of software like McAfee or Norton that I could use to scan my cPanel?
I believe there are a few shared webhosts that provide an antivirus scanner as an icon in cPanel. If yours doesn't, then using another scanner isn't usually an available option. I'm assuming you're on shared hosting.
Otherwise, the task of finding malware in your site basically boils down to searching through the files on your server. It's just like searching through files on your PC, except that you're not physically sitting at your website's server, and it's probably a Linux computer rather than Windows. Both those things can complicate matters quite a bit. The things you'd be searching for are:
1) malicious entire files that shouldn't be there (such as r57.php or other backdoor scripts -- these are the "backdoors")
This article shows how to get a listing of all the files in your site. Having the list of file names is a start:
http://25yearsofprogramming.com/blog/2009/20090621.htm
This article is about specifically searching for backdoor scripts, with the use of text search utilities available in Linux and Windows:
http://25yearsofprogramming.com/blog/2010/20100315.htm
2) malicious code inserted into your otherwise normal files, such as the index.php that you replaced with a fresh copy. These aren't "backdoors". These are viruses, etc. that attack visitors who load the web pages.
This article has examples of what malicious code tends to look like:
http://25yearsofprogramming.com/blog/20071223.htm
The reason for the general lack of extremely clear instructions for these types of tasks is that they are complex. They can require knowing, or learning, how to use the necessary utilities, and it helps to have a general familiarity with Linux and the structure of your website on it.
Imagine someone tells you, "Some stranger sat down at my computer and changed a bunch of my files, and I think they also installed a program that will allow them to access my PC remotely through the internet. I only use my PC for email and web browsing, and don't know anything about Windows other than that. Can you give me some simple instructions how to find out what they did, and fix it?"
The obvious answer is No. It isn't possible to give simple instructions that will cover the various possibilities, especially if the person isn't generally familiar with their PC or its operating system.
If the challenge is really daunting, it might be worth hiring somebody to do the cleanup. Cost seems to run from $150 to $400 for a WordPress site. For most websites, and most webmasters, the cost of having somebody else do a cleanup like this is a significant and unpleasant expense.
I generally encourage people to take this opportunity to learn about their site, by doing the cleanup themselves. It's slower, but you're saving quite a bit of money and learning a lot when you do it that way.
until the other day that I downloaded a complete site backup to my local computer and ran a scan using Norton and to my surprise it found something called PHP.RSTBackdoor
You might have successfully cleaned out the initial malware when you replaced index.php with a clean copy. What remained was a "backdoor" that allows the hackers to get back into the site. That is, it's a different type of malware. It's not a virus that infects PCs; it's just a script that the hackers can call with their browser, which gives them access to your files.
If you can determine the name of the file that Norton quarantined from the set of files you downloaded, try to find that filename in the listing of your site files -- see the article in #1) above -- then go on the server (cPanel File Manager) and delete that file.
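The two searches described in this reply (whole files that shouldn't be there, and code inserted into otherwise normal files) can be run against a downloaded site backup by comparing it with a known-clean copy of the same site. This is an added example, not part of the original post; the file names, the folder layout and the small pattern list are assumptions made for illustration.

```python
import hashlib
import os
import re
import tempfile

# Assumed, illustrative markers of obfuscated PHP; not a complete signature set.
SUSPICIOUS = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_backup(backup_root, clean_root):
    """Classify files in a downloaded backup against a known-clean copy."""
    backup, clean = hash_tree(backup_root), hash_tree(clean_root)
    report = {"extra": [], "modified": [], "pattern": []}
    for rel, digest in sorted(backup.items()):
        if clean.get(rel) == digest:
            continue  # identical to the clean copy
        # Case 1: file absent from the clean copy. Case 2: normal file that changed.
        report["extra" if rel not in clean else "modified"].append(rel)
        with open(os.path.join(backup_root, rel), "rb") as fh:
            if SUSPICIOUS.search(fh.read()):
                report["pattern"].append(rel)
    return report

def demo():
    # Constructed sample trees with hypothetical file names.
    clean_files = {"index.php": b"<?php echo 'home';", "about.php": b"<?php echo 'about';"}
    backup_files = dict(clean_files)
    backup_files["index.php"] += b"\n<?php eval(base64_decode('Li4u')); ?>"  # constructed
    backup_files["images/x.php"] = b"<?php /* constructed placeholder */ ?>"
    with tempfile.TemporaryDirectory() as tmp:
        for top, files in (("clean", clean_files), ("backup", backup_files)):
            for rel, data in files.items():
                path = os.path.join(tmp, top, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return compare_backup(os.path.join(tmp, "backup"), os.path.join(tmp, "clean"))

if __name__ == "__main__":
    print(demo())
```

Files listed under "extra" are only candidates for review, since uploads and plugins you added yourself will also appear there; a PHP file in a folder that should hold only images deserves a close look.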