05-02-2008
Unruh
 
Re: user not in passwd launching attacks

"mattdorais@gmail.com" <mattdorais@gmail.com> writes:

>Hi, I have limited experience with Linux security so I'm hoping
>someone can help me. We had a complaint that there were attacks being
>launched from one of our servers (Ubuntu OS). I did a "lsof -i" as
>root and sure enough saw pages & pages of processes by this user
>launching attacks. Before killing the processes I tried deleting the
>user but I always got an error saying that he's not in the /etc/passwd
>file (which he is not). Every google search I did said to delete a
>user, delete them from the /etc/passwd file (quite frustrating!). I
>was able to finger this user's account. So my question is, how do I
>delete a user's account if they're not in the passwd file?


>Just FYI I have blocked access to this server via firewall so it will
>no longer be a problem but I'd still like to know how to delete a user
>like this.


Like what? You have not shown us anything. You have made vague statements,
from which it is impossible to know what you are talking about.
What user? What uid? You did you "finger this user's account"? What was the
result?

It sounds like your system is completely owned. All of the utilities (ls,
ps, vi,...) may well be changed.
It is time to wipe the disk, and reinstall.


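The situation in this thread (processes owned by a user with no /etc/passwd entry) can be checked without ps or lsof by reading /proc directly. The script below is an added example, not part of the original post; the function names `uid_in_passwd` and `orphan_procs` are hypothetical, and it compares against a passwd file only, so accounts served by other NSS sources (LDAP, NIS) are also reported.

```shell
#!/bin/sh
# Added example: list processes whose real UID has no entry in a passwd file.
# Reads <proc_root>/<pid>/status itself instead of trusting ps or lsof output.

# uid_in_passwd UID PASSWD_FILE
# Succeeds (exit 0) if field 3 of any line in PASSWD_FILE equals UID.
uid_in_passwd() {
    awk -F: -v uid="$1" '$3 == uid { found = 1 } END { exit !found }' "$2"
}

# orphan_procs [PROC_ROOT] [PASSWD_FILE]
# Prints "uid pid name" for every process whose real UID is missing
# from PASSWD_FILE. Defaults: /proc and /etc/passwd.
orphan_procs() {
    op_root="${1:-/proc}"
    op_passwd="${2:-/etc/passwd}"
    for op_status in "$op_root"/[0-9]*/status; do
        [ -r "$op_status" ] || continue      # process exited, or glob matched nothing
        op_pid="${op_status%/status}"
        op_pid="${op_pid##*/}"
        # The "Uid:" line holds real, effective, saved and fs UIDs; use the real one.
        op_uid="$(awk '$1 == "Uid:" { print $2; exit }' "$op_status")"
        op_name="$(awk '$1 == "Name:" { print $2; exit }' "$op_status")"
        [ -n "$op_uid" ] || continue
        if ! uid_in_passwd "$op_uid" "$op_passwd"; then
            printf '%s %s %s\n' "$op_uid" "$op_pid" "$op_name"
        fi
    done
}

# Live use, as root:  orphan_procs /proc /etc/passwd
# To see whether another NSS source knows a reported UID:  getent passwd <uid>
```

On a host in the state the reply describes, the shell and awk binaries may themselves have been replaced, so treat the output as a hint and not as proof that the system is clean.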