Sorry i couldnt read all posts, so if someone already said this, I am sorry in advance.
What you are talking about looks like (linux.rst.b)
Or a variant of the virus
If this is the case, i advise you to a full OS REINSTALL
I am by no means an expert, I just know a FEW things i am willing to share with you guys.
What i am saying here should help you identify if this is the case !
The virus when running sends out a HELL LOT of mail, tries to access a remote page so that the guy can record your IP address and post it to
http://www.zone-h.com/ (the former lost there DB a while ago, Good news for the people who got hacked before)
It could say anything by the way, from zetha team to CoDz InferNo, it attempts to write an index.html file to all web directories, it also attempts to delete all files in those dirs, so if you have directories with 0777 (CHMOD) (recursivly 0777), well, you lost those
How did you pick it up
There are security problems with MS FRONTPAGE EXTENSIONS, if you chmod that to to WRITABLE BY ALL, well anyone can ride your website like an open highway (Joy-ride, spam-ride or revenge-ride, sometimes even competitor-ride)
Bogus scripts, what more do i need to say, Well, if people think PHPBB is bogus, i tell you it is the SAFEST BB if you keep it up to date, all the security talk about it is because it has been put to the test 10000x other boards. I personaly find holes in other BBs all the time, Never find the time to check where i can post them.
Happy Patched ? think again, You are running ensim, You need the patches for both LINUX and ENSIM, If you do not run up2date allot, expect it to happen again and again
When running an important website along with others, Install 2 instances of apache (or whatever you are using) and make the second install run under dif. user and diff group, CHMOD to make each file none of the other servers bzns (when you need to have a writable chmod)
I could go on forever, I hope you get the moral of the post, You are never very secure, so hard to get away with it without going by the book !
Yours
YOZZY