#3645 restore plan after site hacked

Posted in ‘UNiTE and Remote CLI’

Environment Information

PHP version: n/a
Tool: UNiTE
Tool version: n/a

Latest post by dlb on Wednesday, 09 June 2010 04:37 CDT

webjo
My site has been hacked (Casper) and I need to restore all of the files of my Joomla 1.5.17 site. According to my host, "the database is safe". I know users have added information since my last backup a month ago, and if the database is safe I would like to not lose that data.

Is there an option to restore only the site files and not the database using kickstart?

If not, does this seem like a reasonable plan to restore the files but keep the most recent version of the database?
1. Change database password
2. Backup database in hosting account
3. Delete all site files in hosting account
4. Use Joomlapack Kickstart to restore files and database
5. Check if site works with restored database (old) and files
6. Restore database in hosting account so that restored site points to newer version of database
7. Verify newer content displays
8. Change pw on host, ftp, super and other admin accounts
9. Check user list for suspicious names
10. Uninstall gcalendar - check xml file for files/directories to remove
11. Install updated gcalendar version
12. Continue with Joomla security recommended hack recovery checklist

Thanks for your help!

dlb
To restore only the files on the original server is pretty easy. Upload your backup archive and kickstart.php to the root of your site. Call kickstart and let it extract the files and give you the two "here" links. Don't press the first "here" link, so you're skipping the install script. Press the second "here" link to delete the /installation folder, kickstart.php and the backup archive. Now your site should work with the old database password. You need to change that password and manually update the configuration.php file. The setting you need to change is $password.

That procedure will allow you to skip some restore steps in your post, but the security related ones are still necessary.


Dale L. Brackin
Support Specialist


English: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


My time zone is EST (UTC -5)
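
The last step of the reply above (updating `$password` in configuration.php after changing the database password), as an added example that is not part of the original ticket or the tool's own code: a Python helper that rewrites only the database password line and escapes the new value for a PHP single-quoted string. The `var $password = '...';` layout, the function names and the sample file are assumptions made for this example.

```python
import re

# Matches the database password line of a Joomla configuration.php, e.g.
#   var $password = 'old';      (assumed Joomla 1.5 layout)
#   public $password = 'old';   (assumed layout of later releases)
# The name is anchored so $smtppass, $ftp_pass and $secret are never touched.
_PASSWORD_LINE = re.compile(
    r"""^(?P<head>[ \t]*(?:var|public)[ \t]+\$password[ \t]*=[ \t]*)
        '(?:[^'\\]|\\.)*'
        (?P<tail>[ \t]*;.*)$""",
    re.MULTILINE | re.VERBOSE,
)


def php_single_quoted(value: str) -> str:
    """Encode value as a PHP single-quoted string literal."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def set_db_password(config_text: str, new_password: str) -> str:
    """Return config_text with the $password value replaced.

    Raises ValueError unless exactly one $password assignment is found, so an
    unexpected or hand-edited file is never partially rewritten.
    """
    matches = _PASSWORD_LINE.findall(config_text)
    if len(matches) != 1:
        raise ValueError(f"expected 1 $password line, found {len(matches)}")
    literal = php_single_quoted(new_password)
    # A function replacement avoids backslash expansion in the new value.
    return _PASSWORD_LINE.sub(
        lambda m: m.group("head") + literal + m.group("tail"), config_text
    )


# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
class JConfig {
    var $user = 'joomla_user';
    var $password = 'old-secret';
    var $smtppass = 'mail-secret';
    var $ftp_pass = 'ftp-secret';
}
?>"""

if __name__ == "__main__":
    print(set_db_password(SAMPLE, r"n3w'pa\ss"))
```

Read configuration.php, pass its text through `set_db_password`, and write the result back only after keeping a copy of the original outside the web root.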
