Probably an easy answer for the guys at GoDaddy. I think that haxor file was only in the one CMS folder. It was at the root. And yes, I deleted it right away. I'd guess they could have used that to do more mischief. I find it very interesting that it is in the website that got hacked 5 years ago. I only remember all this because I read our thread from 5 years ago when you helped me fix that problem. Because I use shared hosting, the hacker could have found the vulnerability in one site, got into that and then somehow accessed all my other sites in that same account?
I will delete current CMS folder for one site and then upload new folder tonight. It takes about an hour. If all goes well with the first, I can do the others.
Thank you very much.