-
linux attack
Hi friends,
I am using RH7.2.
Previously I had an attack and something happened to my system: some packets were going out of my system, and when I traced it I found that something is ftp'ing to some IP addresses from my system.
What could be the mistake?
When I check the processes I couldn't find any new process running,
but the top process ID goes on increasing and increasing... When I type procinfo it shows the last process ID executed.
But the internal loopback bandwidth is increasing in my system; it was nearly 200MB per hour when I type ipconfig and check.
Should I install the system again, or how can I fix the problem?
Please reply back.
kiran
-
You've probably been rooted and got a rootkit installed. A rootkit is a package that many worms install, overwriting the standard ls, top, ps, etc. to hide some things that it doesn't want you to see.
It is possible to fix without reinstalling (I did), but it isn't too easy. If it's not _too_ much trouble, I'd recommend that you reinstall.
I'm sorry for you. Be sure to identify how your system got rooted in the first place and lock it down.
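The reply above describes a rootkit replacing ps and top so that some processes are hidden; one way to check for that is to compare the PIDs the kernel lists under /proc with the PIDs ps reports. This is an added example, not part of the original post; the function names hidden_pids, make_sample and demo and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report PIDs that have a /proc entry but are missing from
# a ps listing, which is what a tampered ps binary would produce.
#
# hidden_pids PROC_ROOT PS_FILE
#   PROC_ROOT: directory with one numeric subdirectory per process (/proc)
#   PS_FILE:   file with one PID per line, e.g. from: ps -e -o pid= > ps.txt
hidden_pids() {
    proc_root=$1
    ps_file=$2
    for d in "$proc_root"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        # Skip anything that is not purely numeric.
        case $pid in *[!0-9]*) continue ;; esac
        # ps pads PIDs with spaces, so compare the first field, not the line.
        if ! awk -v p="$pid" '$1 == p { found = 1 } END { exit !found }' "$ps_file"; then
            echo "$pid"
        fi
    done | sort -n
}

# Constructed sample: a fake /proc holding PIDs 1, 412, 977 and 1031, and a
# ps listing that omits 977 (the entry a replaced ps would filter out).
make_sample() {
    sample=$(mktemp -d)
    mkdir "$sample/proc"
    for p in 1 412 977 1031; do mkdir "$sample/proc/$p"; done
    mkdir "$sample/proc/net"    # non-process entry, must be ignored
    printf '    1\n  412\n 1031\n' > "$sample/ps.txt"
    echo "$sample"
}

demo() {
    s=$(make_sample)
    hidden_pids "$s/proc" "$s/ps.txt"
    rm -rf "$s"
}

demo    # prints 977
```

Processes that start or exit between the two snapshots show up as false positives, so a PID only matters if it is still reported on a second run. A rootkit that hooks the kernel can hide the /proc entry as well, so an empty result does not clear the machine.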
-
Use chkrootkit to check for rootkits.
If you have been rooted you have to re-install. Don't take anything for granted.
Print off the config settings you need, then re-install.
If you connect to the internet you should read this.
-
Kiran
It's possible it's a rootkit. Before reinstalling the system, if chkrootkit proves positive, it is best you review your log files to find out about any intrusion on the system.
Use cat /var/log/messages > review.txt
and read the review.txt, which you will create maybe in your home, later.
If ever you reinstate the kernel, please trim down the services that are running and disable those you don't to prevent any mischief on your box.
All the best with the penguin, bro.
Yours in LINUX