Hello All,
I'm just entering this info here for the heck of it... I don't expect any solutions... I think the server is pretty well a goner because of this...

I received this from root this morning:
"Subject: Trojan Horses Detected by (WHM) on machine.server.net
> Hidden Pid detected! [pid 8890]
> hidden from ps: [yes]
> binary location: [/usr/sbin/xntps]

WHM is a part of the "CPanel" control panel installed on the Linux box I have been using for almost a year... It detected this trojan, but doesn't do anything to recommend ways to remove it...

So I've been playing with it all day, reading the forums... since the server is already compromised, it seemed to late for chkrootkit.

At any rate, if anyone is interested in playing around with this thing, let me know... I'll be deactivating the server at the end of the month, and have already transferred all data to a new server with a more updated kernel (I hope).

I've already done a lot to mess around with this trojan, based on things I've read here and at other forums and sites. But as far as I'm concerned, the damage is done... I don't trust the machine anymore...

It's almost 4:00 AM here, and I have to teach at noon... if anyone is interested in playing with this server, PM me and maybe I'll set you up as root for the fun of the challenge...