Hello all,

I have a problem with a webserver that runs Centos4 with DirectAdmin.

Since a few weeks some websites hosted on it are not redirecting on search engines properly, they are redirected to some malware site, resulting in a ban from google.

Now I have used 3 virusscanners: ClamAV: Didn't find anything Bitdefender: Found a 2-3 files with JS infection, deleted them AVG: Finds lots of files, but doesn't have the option to clean!

The virus that it finds is: JS/Redir JS/Dropper

Still the strange thing is: website a (www.aa.com) does not have any infected files (have gone through all the files manually, is a custom PHP app, nothing special) but does still have the same virus. Website b (www.bb.com) does have the infected files as only one.

I deleted all these files and suspended the account, but no luck, still the same error.

I do get the log entries on the website from the searchengines so the DNS entries are not changed.

But now I have gone through the httpd files but cannot find anything.

Where can I start looking for this?