You should probably re-install, but if it's at all possible, keep the 
box around and try to figure out a number of things:

How the attacker got in.
What rootkit was installed.
What the rootkit did (transfer files, create a backdoor, etc.).
Who the attacker was.

Just putting the box back up from source media won't do any good if the 
source media has a security hole in it.

Does anyone know of any processes which are hidden by design from ps, 
but are not trojans/malware?


 > What is the best strategy for dealing with an LKM kit? Reinstall
 > Linux from CD or try to remove it?
 >

