Hostigation received third party information that your VPS may be compromised with the Ebury Trojan. The Ebury trojan steals SSH login credentials from incoming and outgoing SSH connections and forwards them to a dropzone server in specially crafted DNS packets. The trojan is normally found in a binary directory on Unix-based systems in one of the following locations:
/usr/bin/ssh
/usr/bin/sshd
/usr/bin/ssh-add
According to the data we received, your VPS was sending harvested SSH credentials to a dropzone server. They only guaranteed way to remove this trojan is to reinstall your VPS. If your VPS is OpenVZ, we can provide you with a small amount of backup space so you may retrieve critical files once your VPS is reinstalled. Due to the nature of this trojan, any infected KVM VPS will have to be reinstalled completely from scratch.