Outbound IRC NIC being caught by IDS

I have a RH 7.1 host which started to send outbound IRC communication
to a remote IRC host on May 17, 2004.
The traffic is being caught by an IDS machine on the same subnet.
I have loaded the busybox library on to the "infected" host to try and
circumvent any infected binaries. However, using the buysbox ps, and
netstat commands does not show any processes or connections out of the
ordinary.
I have looked around the security sites for something to do with IRC
DoS, and there is lots out there, but nothing pertaining to a Linux
trojan.

I have been negligent with upgrades and patches to this host, so I am
getting what I deserve. However, before I wipe it clean, I would like
to try and figure out what happened.

TIA

Here is the IDS output:

[**] [1:542:9] CHAT IRC nick change [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
05/25-04:02:44.296532 XXX.XXX.XXX.XXX:24324 -> 193.109.122.68:6667
TCP TTL:64 TOS:0x0 ID:21999 IpLen:20 DgmLen:62 DF
***AP*** Seq: 0x47408869 Ack: 0x81388858 Win: 0x262E TcpLen: 32
TCP Options (3) => NOP NOP TS: 247285800 233363605

Here is the IDS rule:

alert tcp $HOME_NET any -> $EXTERNAL_NET 6666:7000 (msg:"CHAT IRC nick
change"; flow:to_server,established; content: "NICK "; offset:0;
classtype:policy-violation; sid:542; rev:9;)