This is a transcript of an email i sent to the oscommerce folks:
Hi.
I recently downloaded and installed an addon that put a snowing effect in oscommerce stores.
The addon installs a trojan in /catalog/includes/languages/*your language*/privacy.php. Delete that file and replace it by the original privacy.php
Also, changes the permissions for the configure.php files to 444. You will have to set it to 744 to change it back to its original state.
Further, it changes the database server address and installs a spam bot in: /catalog/images/default/Christmas/worth.php - REMOVE THIS FILE!!
Your store becomes a spamming machine. I realized this when i was contacted by my hosting company.
One of the things this trojan did was to delete all the images of my products and thats why i have BACKUPS!!!!
Adding a script to index.php is part of the installation process - DO NOT INSTALL THIS SCRIPT!
The addon is called "Snow in your site". This is the link: http://addons.oscommerce.com/info/6395
Please delete this addon and notify the oscommerce community. You might want to think about checking the person that contributed with this addon.
It gave me a pain in the ass i can tell you.
Thank you.
José Almeida
P.S. If you want any help with this please let me know
P.S.2 I just realized that it also deleted my database backups.