CentOS ... that's a start! (and good in that it might be fairly easy to 'fix', depending upon factors - less stressful than you think).
Are you remotely hosted? IF so, with whom (who is provider)?
Do you have command line access to the server? (ssh)
Could be that your server has been targeted by a bot of some kind. Check users on the system for 'strange' (by that I mean not normal) users with EMail addresses not normally used by your 'typical clients'. Delete the ones that are un-confirmed - and take note of their domains (funnyuser@some.info - the 'some.info' are the domains).
If server is set up for EMail based registration, one might have to limit the EMail addresses to known domains of your typical clients - reject those domains you noted above.
You say you've upgraded to version 1.9 … the highest/most secure version: 1.9.19+.
How did you do that? Reason I ask, could be, the file/files of the 'infection' *could* (not saying they are) still there and accessible by whom ever.
Does this involve only chat? ie, that's the only place one sees 'strange behavior'?
'spirit of sharing', Ken