Hacked, and in trouble!!

[mastercc119]

Guys!
My machine was hacked and here is my problem:
- All services are running - fine
but
- I cannot see with processes are running. Its a solaris 8 box on Sun E250.
ps -ef |grep sendmail for example returns nothing but sendmail mail is running.

I installed patch-cluster from SunSolve, the latest, not change. I run chkrootkit and I see only netstat was infected, but still, my main worry is ps.

Please assist, i do not want to reinstall this box.

 

[onepair]

Did you try to look at ps in sbin? Is it linked and the real one is somewhere else? Just a thought. Also, you have root so you can see all users on the system. look at any you don't know where it came from and su to them and then do a ps -ef and see what happens.

 

[jad]

if i do a 'ls -l /usr/bin/ps' i get :
-r-x-r-x-r-x 37 root bin 5204 Jan 5 2000 /usr/bin/ps

do you get similar?