*nix-like systems

How to find a rootkit on a server if chrootkit, rkhunter and LMD don't help?

Hello!
Such a misfortune happened - on the VDS server there is some malicious code that slips iframe site templates into html (and hides it in an invisible area), which Kaspersky swears at. This code rewrites the template as scheduled, at the same time. If you rename the template file, or include another one, then it saves for a while, but then the iframe finds a new, plug-in template. This behavior suggests that someone is specifying a specific file for manually scheduled overwriting. So there is a rootkit on the server?
Tried to search using rkhunter, chrootkit, Linux Malware Detect, monitor logs, disable ssh users, reconfigure ports, disable root - useless. You can't just take and rearrange the system. Are there any other ways to get out of the situation? Debian squeeze system.