I am running an unmanaged dedicated server, hosted with a company, running CentOS 6.6. Today I got an email from them saying that they have received complaints of malicious activity originating from my server, and asking me to check if the machine has been compromised and is now being used by intruders in malicious activities.
I checked with ps aux and found that pnscan and masscan were running from the /home.cache directory.
I killed the process, removed the .cache directory and changed the passwords.
I want your suggestions about how these port scanners could have gotten into my system and how I can get rid of them completely. It is very difficult to rebuild the server. Also, is this a kind of trojan or virus?