I dont think those are for webmin, installed on a CentOS system. Also, what if the malware is in the database? phpmyadmin, mysql etc.?
Pretty much removal of malware is a manual process. The best thing is to make sure any security vulnerabilities are closed. Unfortunately there's no magic wand.
You can use the "Linux Malware Detect (LMD)" as its working perfectly on the CentOS, the following URL will help you to understand it. Linux Malware Detect Note : Before making any installation, please make sure that you have understand it else it will cause you problems.
I have used the maldet as suggested and it actually works pretty good. It found and deleted many things but the malware is still active. I think there are some parts located in DB also. What else i can do at this point?
Is the malware still active? Or is the hijack code static on the site? If the former, look at the datecodes of the files on the server for something out of the ordinary you might find a clue to the hacked file. If the latter, export the db and examine it. You need to find out how they exploited your site so that you can shut the door they used.
Malware comes active randomly. Sometimes one a day sometimes several times a day. But never more than one time at a moment. So when you refresh the page it goes away. I have already closed all the doors they came in. I have made the investigation already. I know the type of malware, the codes and bunch of stuff about it. That is how i could remove most of it. But somehow its still somewhere and maldet cant find it. I asume its somewhere in the DB. I can manually examine the db because db is huge.
I have heard good things about these guys, haven't used them http://sucuri.net/ They have a free scanner that gives a report like this: Security report (No threats found):[TABLE] [TR="bgcolor: transparent"] [TD="bgcolor: transparent"] [/TD] [TD="bgcolor: transparent"]Blacklisted: [/TD] [TD="bgcolor: transparent"]No[/TD] [/TR] [TR="bgcolor: transparent"] [TD="bgcolor: transparent"][/TD] [TD="bgcolor: transparent"]Malware:[/TD] [TD="bgcolor: transparent"]No[/TD] [/TR] [TR="bgcolor: transparent"] [TD="bgcolor: transparent"][/TD] [TD="bgcolor: transparent"]Malicious javascript: [/TD] [TD="bgcolor: transparent"]No[/TD] [/TR] [TR="bgcolor: transparent"] [TD="bgcolor: transparent"][/TD] [TD="bgcolor: transparent"]Malicious iFrames:[/TD] [TD="bgcolor: transparent"]No[/TD] [/TR] [TR="bgcolor: transparent"] [TD="bgcolor: transparent"][/TD] [TD="bgcolor: transparent"]Drive-By Downloads: [/TD] [TD="bgcolor: transparent"]No[/TD] [/TR] [TR="bgcolor: transparent"] [TD="bgcolor: transparent"] [/TD] [TD="bgcolor: transparent"]Anomaly detection: [/TD] [TD="bgcolor: transparent"]No[/TD] [/TR] [TR="bgcolor: transparent"] [TD="bgcolor: transparent"] [/TD] [TD="bgcolor: transparent"]IE-only attacks: [/TD] [TD="bgcolor: transparent"]No[/TD] [/TR] [TR="bgcolor: transparent"] [TD="bgcolor: transparent"][/TD] [TD="bgcolor: transparent"]Suspicious redirections: [/TD] [TD="bgcolor: transparent"]No[/TD] [/TR] [TR="bgcolor: transparent"] [TD="bgcolor: transparent"][/TD] [TD="bgcolor: transparent"]Spam:[/TD] [TD="bgcolor: transparent"]No [/TD] [/TR] [/TABLE] On a clean site. Let us know if the free report tells you anything, and also if you give them a try how it works out. I'm not connected with them.
I have checked the website in all (free) security webssites already. They all show secure and clean. Because like i said before, the malware gets activated only sometimes.
As long as you have root access and SSH, i would say Maldet is seriously the best. Unfortunately there is no UI and its all commands but i loved it. It worked for my huge malware issue and it ended up finding 80k infected files in my server and cleaned it spotless. So i can tell you the maldet is the best in the market for now. and that is???