If your website has been hacked, you may or may not really know about it. The most COMMON ways you may find out you are hacked (that I have seen on 1.3.8 and older zen cart websites) are:
1. Customer informs store owner that their credit card info was stolen after they placed an order on their website
2. Spammy advertisements that go out in your emails to your customers. The hacker(s) have also been successful in putting the same advertisements at the bottom of the zen cart website.
3. You get orders in your cart via PayPal, but no payment in your PayPal account because the hacker has gotten into your admin and changed the paypal email address to THEIR address.
4. Phishing sites to places like Bank of America and other banks
5. Porn related html files placed on your server and traffic driven to them
If you have been hacked - chances are that it is because you are running an older version of zen cart that is no longer secure NOR is it PCI compliant to take credit cards. It is, and always will be, my advise to NOT put a bandaid over a gaping wound by patching things up and secure your site by getting it upgraded to the latest, secure version of Zen Cart. Getting an upgrade is a small price to pay considering you could lose your business, home, car and everything you have worked for if the credit card companies or customers decide to take action against you.
This service includes removal of malicious files and code, securing your images and ancillary folders with .htaccess files, removing record companies that might be injected into your database and checking for any hacked code in the admin area. It does NOT include repair of your database if that has been compromised - other than what is mentioned here. If that is the case, you will need to get an individual quote after your site is look at internally.
No guarantees are made that the hacker will not be able to again access your website the minute I am done cleaning it up and securing it the best I can if you are running an old version of zen cart.